From sle-updates at lists.suse.com Tue Nov 1 02:18:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 03:18:56 +0100 (CET)
Subject: SUSE-RU-2022:3821-1: moderate: Recommended update for adcli
Message-ID: <20221101021856.B1595F78D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for adcli
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3821-1
Rating:             moderate
References:         #1202647
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for adcli fixes the following issues:

   - Remove errx() calls on error conditions to execute the cleanup function and delete the krb5 snippets created in /tmp (bsc#1202647)
   - Set umask before calling mkdtemp (bsc#1202647)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3821=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3821=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      adcli-0.8.2-150200.9.9.1
      adcli-debuginfo-0.8.2-150200.9.9.1
      adcli-debugsource-0.8.2-150200.9.9.1
      adcli-doc-0.8.2-150200.9.9.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      adcli-0.8.2-150200.9.9.1
      adcli-debuginfo-0.8.2-150200.9.9.1
      adcli-debugsource-0.8.2-150200.9.9.1
      adcli-doc-0.8.2-150200.9.9.1

References:

   https://bugzilla.suse.com/1202647

From sle-updates at lists.suse.com Tue Nov 1 02:19:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 03:19:32 +0100 (CET)
Subject: SUSE-RU-2022:3822-1: moderate: Recommended update for adcli
Message-ID: <20221101021932.30788F78D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for adcli
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3822-1
Rating:             moderate
References:         #1202647
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for adcli fixes the following issues:

   - Remove errx() calls on error conditions to execute the cleanup function and delete the krb5 snippets created in /tmp (bsc#1202647)
   - Set umask before calling mkdtemp (bsc#1202647)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3822=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3822=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      adcli-0.8.2-150400.17.3.1
      adcli-debuginfo-0.8.2-150400.17.3.1
      adcli-debugsource-0.8.2-150400.17.3.1
      adcli-doc-0.8.2-150400.17.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      adcli-0.8.2-150400.17.3.1
      adcli-debuginfo-0.8.2-150400.17.3.1
      adcli-debugsource-0.8.2-150400.17.3.1
      adcli-doc-0.8.2-150400.17.3.1

References:

   https://bugzilla.suse.com/1202647

From sle-updates at lists.suse.com Tue Nov 1 08:29:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 09:29:45 +0100 (CET)
Subject: SUSE-CU-2022:2778-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20221101082945.77B43F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2778-1
Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.22 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.22
Severity : moderate
Type : recommended
References : 1177578
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3812-1
Released: Mon Oct 31 09:44:26 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1177578

This update for sudo fixes the following issues:

- Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578).

The following package changes have been done:

- sudo-1.9.9-150400.4.3.1 updated

From sle-updates at lists.suse.com Tue Nov 1 08:57:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 09:57:37 +0100 (CET)
Subject: SUSE-CU-2022:2779-1: Security update of suse/sles12sp4
Message-ID: <20221101085737.92175F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2779-1
Container Tags : suse/sles12sp4:26.522 , suse/sles12sp4:latest
Container Release : 26.522
Severity : critical
Type : security
References : 1204690 CVE-2021-46848
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3817-1
Released: Mon Oct 31 12:05:29 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).

The following package changes have been done:

- base-container-licenses-3.0-1.322 updated
- libtasn1-6-4.9-3.13.1 updated
- libtasn1-4.9-3.13.1 updated

From sle-updates at lists.suse.com Tue Nov 1 09:05:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 10:05:36 +0100 (CET)
Subject: SUSE-CU-2022:2780-1: Security update of suse/sles12sp5
Message-ID: <20221101090536.3E6DBF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2780-1
Container Tags : suse/sles12sp5:6.5.394 , suse/sles12sp5:latest
Container Release : 6.5.394
Severity : critical
Type : security
References : 1204690 CVE-2021-46848
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3817-1
Released: Mon Oct 31 12:05:29 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690).

The following package changes have been done:

- libtasn1-6-4.9-3.13.1 updated
- libtasn1-4.9-3.13.1 updated

From sle-updates at lists.suse.com Tue Nov 1 09:20:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 10:20:55 +0100 (CET)
Subject: SUSE-CU-2022:2785-1: Security update of bci/dotnet-aspnet
Message-ID: <20221101092055.1614CF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2785-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.28 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.28
Container Release : 27.28
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.8 updated

From sle-updates at lists.suse.com Tue Nov 1 09:29:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 10:29:06 +0100 (CET)
Subject: SUSE-CU-2022:2792-1: Security update of bci/golang
Message-ID: <20221101092906.4112DF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2792-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-18.13 , bci/golang:latest
Container Release : 18.13
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.8 updated

From sle-updates at lists.suse.com Tue Nov 1 09:33:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 10:33:33 +0100 (CET)
Subject: SUSE-CU-2022:2794-1: Security update of bci/openjdk
Message-ID: <20221101093333.F0BE2F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2794-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-32.12 , bci/openjdk:latest
Container Release : 32.12
Severity : critical
Type : security
References : 1194047 1203911 1204383 1204386 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- container:sles15-image-15.0.0-27.14.8 updated

From sle-updates at lists.suse.com Tue Nov 1 14:18:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:18:52 +0100 (CET)
Subject: SUSE-SU-2022:3835-1: moderate: Security update for nodejs10
Message-ID: <20221101141852.6A617FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3835-1
Rating:             moderate
References:         #1201325 #1203832
Cross-References:   CVE-2022-32213 CVE-2022-35256
CVSS scores:
                    CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for nodejs10 fixes the following issues:

   - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
   - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3835=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3835=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      nodejs10-10.24.1-150000.1.50.1
      nodejs10-debuginfo-10.24.1-150000.1.50.1
      nodejs10-debugsource-10.24.1-150000.1.50.1
      nodejs10-devel-10.24.1-150000.1.50.1
      npm10-10.24.1-150000.1.50.1

   - openSUSE Leap 15.4 (noarch):

      nodejs10-docs-10.24.1-150000.1.50.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      nodejs10-10.24.1-150000.1.50.1
      nodejs10-debuginfo-10.24.1-150000.1.50.1
      nodejs10-debugsource-10.24.1-150000.1.50.1
      nodejs10-devel-10.24.1-150000.1.50.1
      npm10-10.24.1-150000.1.50.1

   - openSUSE Leap 15.3 (noarch):

      nodejs10-docs-10.24.1-150000.1.50.1

References:

   https://www.suse.com/security/cve/CVE-2022-32213.html
   https://www.suse.com/security/cve/CVE-2022-35256.html
   https://bugzilla.suse.com/1201325
   https://bugzilla.suse.com/1203832

From sle-updates at lists.suse.com Tue Nov 1 14:19:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:19:32 +0100 (CET)
Subject: SUSE-SU-2022:3823-1: important: Security update for hsqldb
Message-ID: <20221101141932.DAA6DFDB8@maintenance.suse.de>

   SUSE Security Update: Security update for hsqldb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3823-1
Rating:             important
References:         #1204521
Cross-References:   CVE-2022-41853
CVSS scores:
                    CVE-2022-41853 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41853 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for hsqldb fixes the following issues:

   - CVE-2022-41853: Fixed insufficient input sanitization (bsc#1204521).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3823=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3823=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      hsqldb-2.3.3-150000.7.3.1
      hsqldb-demo-2.3.3-150000.7.3.1
      hsqldb-javadoc-2.3.3-150000.7.3.1
      hsqldb-manual-2.3.3-150000.7.3.1

   - openSUSE Leap 15.3 (noarch):

      hsqldb-2.3.3-150000.7.3.1
      hsqldb-demo-2.3.3-150000.7.3.1
      hsqldb-javadoc-2.3.3-150000.7.3.1
      hsqldb-manual-2.3.3-150000.7.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-41853.html
   https://bugzilla.suse.com/1204521

From sle-updates at lists.suse.com Tue Nov 1 14:20:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:20:09 +0100 (CET)
Subject: SUSE-SU-2022:3824-1: important: Security update for hdf5
Message-ID: <20221101142009.2BA1BFDD6@maintenance.suse.de>

   SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3824-1
Rating:             important
References:         #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References:   CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244
CVSS scores:
                    CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
                    CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for hdf5 fixes the following issues:

   - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
   - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906).
   - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069).
   - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
   - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
   - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882).
   - CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c (bsc#1093663).
   - CVE-2021-46242: Fixed heap use-after-free via the component H5AC_unpin_entry (bsc#1195212).
   - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366).
   - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475).
   - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 12:

      zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3824=1

Package List:

   - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):

      hdf5_1_10_8-gnu-hpc-1.10.8-3.15.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-3.15.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-3.15.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-3.15.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-3.15.1
      hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-debugsource-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-devel-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-devel-static-1.10.8-3.15.1
      hdf5_1_10_8-gnu-openmpi1-hpc-module-1.10.8-3.15.1
      libhdf5-gnu-hpc-1.10.8-3.15.1
      libhdf5-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_cpp-gnu-hpc-1.10.8-3.15.1
      libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_fortran-gnu-hpc-1.10.8-3.15.1
      libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_fortran-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_hl-gnu-hpc-1.10.8-3.15.1
      libhdf5_hl-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_hl-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5_hl_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_hl_cpp-gnu-hpc-1.10.8-3.15.1
      libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5_hl_fortran-gnu-hpc-1.10.8-3.15.1
      libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.15.1

   - SUSE Linux Enterprise Module for HPC 12 (noarch):

      hdf5-gnu-hpc-devel-1.10.8-3.15.1
      hdf5-gnu-mvapich2-hpc-devel-1.10.8-3.15.1
      hdf5-gnu-openmpi1-hpc-devel-1.10.8-3.15.1

References:

   https://www.suse.com/security/cve/CVE-2018-11205.html
   https://www.suse.com/security/cve/CVE-2018-13867.html
   https://www.suse.com/security/cve/CVE-2018-14031.html
   https://www.suse.com/security/cve/CVE-2018-16438.html
   https://www.suse.com/security/cve/CVE-2018-17439.html
   https://www.suse.com/security/cve/CVE-2019-8396.html
   https://www.suse.com/security/cve/CVE-2020-10812.html
   https://www.suse.com/security/cve/CVE-2021-45830.html
   https://www.suse.com/security/cve/CVE-2021-45833.html
   https://www.suse.com/security/cve/CVE-2021-46242.html
   https://www.suse.com/security/cve/CVE-2021-46244.html
   https://bugzilla.suse.com/1093663
   https://bugzilla.suse.com/1101475
   https://bugzilla.suse.com/1101906
   https://bugzilla.suse.com/1107069
   https://bugzilla.suse.com/1111598
   https://bugzilla.suse.com/1125882
   https://bugzilla.suse.com/1167400
   https://bugzilla.suse.com/1194366
   https://bugzilla.suse.com/1194375
   https://bugzilla.suse.com/1195212
   https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 14:21:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:21:33 +0100 (CET)
Subject: SUSE-RU-2022:3838-1: Recommended update for release-notes-sle_hpc
Message-ID: <20221101142133.EDB55FDD6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sle_hpc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3838-1
Rating:             low
References:         #1188305 #933411
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for release-notes-sle_hpc fixes the following issue:

   Update the release notes to version 15.200000000.20220831 (bsc#933411)

   - Removed mention of SUSE Enterprise Storage (bsc#1188305)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3838=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3838=1

Package List:

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      release-notes-sle_hpc-15.200000000.20220831-150200.3.12.5

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      release-notes-sle_hpc-15.200000000.20220831-150200.3.12.5

References:

   https://bugzilla.suse.com/1188305
   https://bugzilla.suse.com/933411

From sle-updates at lists.suse.com Tue Nov 1 14:22:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:22:16 +0100 (CET)
Subject: SUSE-SU-2022:3826-1: important: Security update for hdf5
Message-ID: <20221101142216.642C9FDD6@maintenance.suse.de>

   SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3826-1
Rating:             important
References:         #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References:   CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244
CVSS scores:
                    CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
                    CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for hdf5 fixes the following issues:

   - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
   - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906).
   - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069).
   - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
   - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
   - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882).
   - CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c (bsc#1093663).
   - CVE-2021-46242: Fixed heap use-after-free via the component H5AC_unpin_entry (bsc#1195212).
   - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366).
   - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475).
   - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3826=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3826=1

Package List:

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.7.1
      hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.7.1
hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150200.8.7.1 libhdf5-gnu-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 
libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 
libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): hdf5-gnu-hpc-1.10.8-150200.8.7.1 hdf5-gnu-hpc-devel-1.10.8-150200.8.7.1 hdf5-gnu-mpich-hpc-1.10.8-150200.8.7.1 
hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.7.1 hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.7.1 hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.7.1 hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.7.1 hdf5-hpc-examples-1.10.8-150200.8.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.7.1 
hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.7.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150200.8.7.1 libhdf5-gnu-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 
libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 
libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.7.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
  hdf5-gnu-hpc-1.10.8-150200.8.7.1
  hdf5-gnu-hpc-devel-1.10.8-150200.8.7.1
  hdf5-gnu-mpich-hpc-1.10.8-150200.8.7.1
  hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.7.1
  hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.7.1
  hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.7.1
  hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.7.1
  hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.7.1
  hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.7.1
  hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.7.1
  hdf5-hpc-examples-1.10.8-150200.8.7.1

References:

https://www.suse.com/security/cve/CVE-2018-11205.html
https://www.suse.com/security/cve/CVE-2018-13867.html
https://www.suse.com/security/cve/CVE-2018-14031.html
https://www.suse.com/security/cve/CVE-2018-16438.html
https://www.suse.com/security/cve/CVE-2018-17439.html
https://www.suse.com/security/cve/CVE-2019-8396.html
https://www.suse.com/security/cve/CVE-2020-10812.html
https://www.suse.com/security/cve/CVE-2021-45830.html
https://www.suse.com/security/cve/CVE-2021-45833.html
https://www.suse.com/security/cve/CVE-2021-46242.html
https://www.suse.com/security/cve/CVE-2021-46244.html
https://bugzilla.suse.com/1093663
https://bugzilla.suse.com/1101475
https://bugzilla.suse.com/1101906
https://bugzilla.suse.com/1107069
https://bugzilla.suse.com/1111598
https://bugzilla.suse.com/1125882
https://bugzilla.suse.com/1167400
https://bugzilla.suse.com/1194366
https://bugzilla.suse.com/1194375
https://bugzilla.suse.com/1195212
https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 14:23:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:23:40 +0100 (CET)
Subject: SUSE-SU-2022:3833-1: moderate: Security update for podofo
Message-ID: <20221101142340.E249BFDD6@maintenance.suse.de>

SUSE Security Update: Security update for podofo
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3833-1
Rating: moderate
References: #1099719
Cross-References: CVE-2018-12983
CVSS scores:
CVE-2018-12983 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-12983 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for podofo fixes the following issues:

- CVE-2018-12983: Fixed a stack overrun (bsc#1099719).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3833=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3833=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  libpodofo-devel-0.9.6-150300.3.6.1
  libpodofo0_9_6-0.9.6-150300.3.6.1
  libpodofo0_9_6-debuginfo-0.9.6-150300.3.6.1
  podofo-0.9.6-150300.3.6.1
  podofo-debuginfo-0.9.6-150300.3.6.1
  podofo-debugsource-0.9.6-150300.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  libpodofo-devel-0.9.6-150300.3.6.1
  libpodofo0_9_6-0.9.6-150300.3.6.1
  libpodofo0_9_6-debuginfo-0.9.6-150300.3.6.1
  podofo-0.9.6-150300.3.6.1
  podofo-debuginfo-0.9.6-150300.3.6.1
  podofo-debugsource-0.9.6-150300.3.6.1

References:

https://www.suse.com/security/cve/CVE-2018-12983.html
https://bugzilla.suse.com/1099719

From sle-updates at lists.suse.com Tue Nov 1 14:24:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:24:20 +0100 (CET)
Subject: SUSE-OU-2022:3831-1: moderate: Optional update for raspberrypi-firmware, raspberrypi-firmware-config, raspberrypi-firmware-dt, bcm43xx-firmware, u-boot, wireless-tools
Message-ID: <20221101142420.12286FDD6@maintenance.suse.de>

SUSE Optional Update: Optional update for raspberrypi-firmware, raspberrypi-firmware-config, raspberrypi-firmware-dt, bcm43xx-firmware, u-boot, wireless-tools
______________________________________________________________________________

Announcement ID: SUSE-OU-2022:3831-1
Rating: moderate
References: #1199084

Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This optional update includes the packages below in SLE Micro 5.2 (bsc#1199084, jsc#SMO-106):

- raspberrypi-firmware
- raspberrypi-firmware-config
- raspberrypi-firmware-dt
- bcm43xx-firmware
- u-boot-rpiarm64
- wireless-tools

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3831=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3831=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3831=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  libiw-devel-30.pre9-150000.4.2.1
  libiw30-30.pre9-150000.4.2.1
  libiw30-debuginfo-30.pre9-150000.4.2.1
  u-boot-tools-2021.01-150300.7.21.1
  u-boot-tools-debuginfo-2021.01-150300.7.21.1
  wireless-tools-30.pre9-150000.4.2.1
  wireless-tools-debuginfo-30.pre9-150000.4.2.1
  wireless-tools-debugsource-30.pre9-150000.4.2.1
- openSUSE Leap 15.3 (aarch64):
u-boot-avnetultra96rev1-2021.01-150300.7.21.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.21.1 u-boot-bananapim64-2021.01-150300.7.21.1 u-boot-bananapim64-doc-2021.01-150300.7.21.1 u-boot-dragonboard410c-2021.01-150300.7.21.1 u-boot-dragonboard410c-doc-2021.01-150300.7.21.1 u-boot-dragonboard820c-2021.01-150300.7.21.1 u-boot-dragonboard820c-doc-2021.01-150300.7.21.1 u-boot-evb-rk3399-2021.01-150300.7.21.1 u-boot-evb-rk3399-doc-2021.01-150300.7.21.1 u-boot-firefly-rk3399-2021.01-150300.7.21.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.21.1 u-boot-geekbox-2021.01-150300.7.21.1 u-boot-geekbox-doc-2021.01-150300.7.21.1 u-boot-hikey-2021.01-150300.7.21.1 u-boot-hikey-doc-2021.01-150300.7.21.1
u-boot-khadas-vim-2021.01-150300.7.21.1 u-boot-khadas-vim-doc-2021.01-150300.7.21.1 u-boot-khadas-vim2-2021.01-150300.7.21.1 u-boot-khadas-vim2-doc-2021.01-150300.7.21.1 u-boot-libretech-ac-2021.01-150300.7.21.1 u-boot-libretech-ac-doc-2021.01-150300.7.21.1 u-boot-libretech-cc-2021.01-150300.7.21.1 u-boot-libretech-cc-doc-2021.01-150300.7.21.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.21.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.21.1 u-boot-mvebudb-88f3720-2021.01-150300.7.21.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.21.1 u-boot-mvebudbarmada8k-2021.01-150300.7.21.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.21.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.21.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.21.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.21.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.21.1 u-boot-nanopia64-2021.01-150300.7.21.1 u-boot-nanopia64-doc-2021.01-150300.7.21.1 u-boot-odroid-c2-2021.01-150300.7.21.1 u-boot-odroid-c2-doc-2021.01-150300.7.21.1 u-boot-odroid-c4-2021.01-150300.7.21.1 u-boot-odroid-c4-doc-2021.01-150300.7.21.1 u-boot-odroid-n2-2021.01-150300.7.21.1 u-boot-odroid-n2-doc-2021.01-150300.7.21.1 u-boot-orangepipc2-2021.01-150300.7.21.1 u-boot-orangepipc2-doc-2021.01-150300.7.21.1 u-boot-p2371-2180-2021.01-150300.7.21.1 u-boot-p2371-2180-doc-2021.01-150300.7.21.1 u-boot-p2771-0000-500-2021.01-150300.7.21.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.21.1 u-boot-p3450-0000-2021.01-150300.7.21.1 u-boot-p3450-0000-doc-2021.01-150300.7.21.1 u-boot-pine64plus-2021.01-150300.7.21.1 u-boot-pine64plus-doc-2021.01-150300.7.21.1 u-boot-pinebook-2021.01-150300.7.21.1 u-boot-pinebook-doc-2021.01-150300.7.21.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.21.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.21.1 u-boot-pineh64-2021.01-150300.7.21.1 u-boot-pineh64-doc-2021.01-150300.7.21.1 u-boot-pinephone-2021.01-150300.7.21.1 u-boot-pinephone-doc-2021.01-150300.7.21.1 u-boot-poplar-2021.01-150300.7.21.1 
u-boot-poplar-doc-2021.01-150300.7.21.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.21.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.21.1 u-boot-rock64-rk3328-2021.01-150300.7.21.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.21.1 u-boot-rock960-rk3399-2021.01-150300.7.21.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.21.1 u-boot-rockpro64-rk3399-2021.01-150300.7.21.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.21.1 u-boot-rpi3-2021.01-150300.7.21.1 u-boot-rpi3-doc-2021.01-150300.7.21.1 u-boot-rpi4-2021.01-150300.7.21.1 u-boot-rpi4-doc-2021.01-150300.7.21.1 u-boot-rpiarm64-2021.01-150300.7.21.1 u-boot-rpiarm64-doc-2021.01-150300.7.21.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.21.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.21.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.21.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.21.1

- openSUSE Leap 15.3 (noarch):
  bcm43xx-firmware-20180314-150300.23.7.1
  raspberrypi-firmware-2021.03.10-150300.4.2.1
  raspberrypi-firmware-config-2021.03.10-150300.4.2.1
  raspberrypi-firmware-dt-2021.03.15-150300.4.2.1
  raspberrypi-firmware-extra-2021.03.10-150300.4.2.1
  raspberrypi-firmware-extra-pi4-2021.03.10-150300.4.2.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  libiw-devel-30.pre9-150000.4.2.1
  libiw30-30.pre9-150000.4.2.1
  libiw30-debuginfo-30.pre9-150000.4.2.1
  u-boot-tools-2021.01-150300.7.21.1
  u-boot-tools-debuginfo-2021.01-150300.7.21.1
  wireless-tools-30.pre9-150000.4.2.1
  wireless-tools-debuginfo-30.pre9-150000.4.2.1
  wireless-tools-debugsource-30.pre9-150000.4.2.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
  u-boot-rpiarm64-2021.01-150300.7.21.1
  u-boot-rpiarm64-doc-2021.01-150300.7.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  bcm43xx-firmware-20180314-150300.23.7.1
  raspberrypi-firmware-2021.03.10-150300.4.2.1
  raspberrypi-firmware-config-2021.03.10-150300.4.2.1
  raspberrypi-firmware-dt-2021.03.15-150300.4.2.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  libiw30-30.pre9-150000.4.2.1
  libiw30-debuginfo-30.pre9-150000.4.2.1
  wireless-tools-30.pre9-150000.4.2.1
  wireless-tools-debuginfo-30.pre9-150000.4.2.1
  wireless-tools-debugsource-30.pre9-150000.4.2.1
- SUSE Linux Enterprise Micro 5.2 (aarch64):
  u-boot-rpiarm64-2021.01-150300.7.21.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
  bcm43xx-firmware-20180314-150300.23.7.1
  raspberrypi-firmware-2021.03.10-150300.4.2.1
  raspberrypi-firmware-config-2021.03.10-150300.4.2.1
  raspberrypi-firmware-dt-2021.03.15-150300.4.2.1

References:

https://bugzilla.suse.com/1199084

From sle-updates at lists.suse.com Tue Nov 1 14:24:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:24:58 +0100 (CET)
Subject: SUSE-SU-2022:3834-1: moderate: Security update for python-Flask-Security
Message-ID: <20221101142458.2B2FFFDD6@maintenance.suse.de>

SUSE Security Update: Security update for python-Flask-Security
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3834-1
Rating: moderate
References: #1202105
Cross-References: CVE-2021-23385
CVSS scores:
CVE-2021-23385 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-23385 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Flask-Security fixes the following issues:

- CVE-2021-23385: Fixed open redirect (bsc#1202105).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3834=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3834=1

Package List:

- openSUSE Leap 15.4 (noarch):
  python3-Flask-Security-3.0.0-150100.4.3.1
- openSUSE Leap 15.3 (noarch):
  python2-Flask-Security-3.0.0-150100.4.3.1
  python3-Flask-Security-3.0.0-150100.4.3.1

References:

https://www.suse.com/security/cve/CVE-2021-23385.html
https://bugzilla.suse.com/1202105

From sle-updates at lists.suse.com Tue Nov 1 14:25:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:25:34 +0100 (CET)
Subject: SUSE-SU-2022:3825-1: important: Security update for hdf5
Message-ID: <20221101142534.947C4FDD6@maintenance.suse.de>

SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3825-1
Rating: important
References: #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References: CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244
CVSS scores:
CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for HPC 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for hdf5 fixes the following issues:

- CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
- CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906).
- CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069).
- CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
- CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
- CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882).
- CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c (bsc#1093663).
- CVE-2021-46242: Fixed heap use-after-free via the component H5AC_unpin_entry (bsc#1195212).
- CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366).
- CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475).
- CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3825=1
- SUSE Linux Enterprise Module for HPC 15-SP4:
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-3825=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (ppc64le s390x):
hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150400.3.3.1 libhdf5-gnu-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-hpc-1.10.8-150400.3.3.1
libhdf5_cpp-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): hdf5-gnu-hpc-1.10.8-150400.3.3.1 hdf5-gnu-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-mpich-hpc-1.10.8-150400.3.3.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150400.3.3.1 hdf5-hpc-examples-1.10.8-150400.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150400.3.3.1 
hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150400.3.3.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150400.3.3.1 hdf5_1_10_8-hpc-examples-1.10.8-150400.3.3.1 libhdf5-gnu-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 
libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 
libhdf5_hl-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150400.3.3.1 
libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150400.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (noarch): hdf5-gnu-hpc-1.10.8-150400.3.3.1 hdf5-gnu-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-mpich-hpc-1.10.8-150400.3.3.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-mvapich2-hpc-1.10.8-150400.3.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150400.3.3.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150400.3.3.1 hdf5-gnu-openmpi4-hpc-1.10.8-150400.3.3.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150400.3.3.1 hdf5-hpc-examples-1.10.8-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2018-11205.html https://www.suse.com/security/cve/CVE-2018-13867.html https://www.suse.com/security/cve/CVE-2018-14031.html https://www.suse.com/security/cve/CVE-2018-16438.html https://www.suse.com/security/cve/CVE-2018-17439.html https://www.suse.com/security/cve/CVE-2019-8396.html https://www.suse.com/security/cve/CVE-2020-10812.html https://www.suse.com/security/cve/CVE-2021-45830.html https://www.suse.com/security/cve/CVE-2021-45833.html https://www.suse.com/security/cve/CVE-2021-46242.html https://www.suse.com/security/cve/CVE-2021-46244.html https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1101475 https://bugzilla.suse.com/1101906 https://bugzilla.suse.com/1107069 https://bugzilla.suse.com/1111598 https://bugzilla.suse.com/1125882 https://bugzilla.suse.com/1167400 https://bugzilla.suse.com/1194366 
   https://bugzilla.suse.com/1194375
   https://bugzilla.suse.com/1195212
   https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 14:27:01 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:27:01 +0100 (CET)
Subject: SUSE-SU-2022:3837-1: moderate: Security update for gnome-desktop
Message-ID: <20221101142701.2B62DFDD6@maintenance.suse.de>

   SUSE Security Update: Security update for gnome-desktop
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3837-1
Rating:             moderate
References:         #1133043
Cross-References:   CVE-2019-11460
CVSS scores:
                    CVE-2019-11460 (NVD) : 9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2019-11460 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gnome-desktop fixes the following issues:

   - CVE-2019-11460: Fixed sandbox issue that allowed bypassing from a compromised thumbnailer (bsc#1133043).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3837=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3837=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libgnome-desktop-3-12-3.26.2-150000.4.3.1
      libgnome-desktop-3-12-debuginfo-3.26.2-150000.4.3.1

   - openSUSE Leap 15.4 (x86_64):

      libgnome-desktop-3-12-32bit-3.26.2-150000.4.3.1
      libgnome-desktop-3-12-32bit-debuginfo-3.26.2-150000.4.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libgnome-desktop-3-12-3.26.2-150000.4.3.1
      libgnome-desktop-3-12-debuginfo-3.26.2-150000.4.3.1

   - openSUSE Leap 15.3 (x86_64):

      libgnome-desktop-3-12-32bit-3.26.2-150000.4.3.1
      libgnome-desktop-3-12-32bit-debuginfo-3.26.2-150000.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2019-11460.html
   https://bugzilla.suse.com/1133043

From sle-updates at lists.suse.com Tue Nov 1 14:27:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:27:40 +0100 (CET)
Subject: SUSE-RU-2022:3832-1: moderate: Recommended update for release-notes-sle_hpc
Message-ID: <20221101142740.13978FDD6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sle_hpc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3832-1
Rating:             moderate
References:         #933411
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for release-notes-sle_hpc fixes the following issues:

   Update the release notes to version 15.100000000.20220831 (bsc#933411)

   - Sync Slurm sections with 15 SP2

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3832=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3832=1

Package List:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      release-notes-sle_hpc-15.100000000.20220831-150100.3.6.4

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      release-notes-sle_hpc-15.100000000.20220831-150100.3.6.4

References:

   https://bugzilla.suse.com/933411

From sle-updates at lists.suse.com Tue Nov 1 14:28:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:28:26 +0100 (CET)
Subject: SUSE-SU-2022:3827-1: important: Security update for hdf5
Message-ID: <20221101142826.1CB9FFDD6@maintenance.suse.de>

   SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3827-1
Rating:             important
References:         #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References:   CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244
CVSS scores:
                    CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
                    CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for hdf5 fixes the following issues:

   - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
   - CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906).
   - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069).
   - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
   - CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
   - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882).
   - CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c (bsc#1093663).
   - CVE-2021-46242: Fixed heap use-after-free via the component H5AC_unpin_entry (bsc#1195212).
   - CVE-2021-45833: Fixed stack buffer overflow vulnerability (bsc#1194366).
   - CVE-2018-14031: Fixed heap-based buffer over-read in the function H5T_copy in H5T.c (bsc#1101475).
   - CVE-2018-17439: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3827=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3827=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3827=1

Package List:

   - openSUSE Leap 15.4 (ppc64le):

      hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1
      hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1
hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 
libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1 
hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5-gnu-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 
libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 
libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5-hpc-examples-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 
hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.7.1 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.7.1 libhdf5-gnu-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 
libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 
libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.7.1 hdf5-hpc-examples-1.10.8-150100.7.7.1 References: https://www.suse.com/security/cve/CVE-2018-11205.html https://www.suse.com/security/cve/CVE-2018-13867.html https://www.suse.com/security/cve/CVE-2018-14031.html https://www.suse.com/security/cve/CVE-2018-16438.html https://www.suse.com/security/cve/CVE-2018-17439.html https://www.suse.com/security/cve/CVE-2019-8396.html https://www.suse.com/security/cve/CVE-2020-10812.html https://www.suse.com/security/cve/CVE-2021-45830.html https://www.suse.com/security/cve/CVE-2021-45833.html https://www.suse.com/security/cve/CVE-2021-46242.html https://www.suse.com/security/cve/CVE-2021-46244.html https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1101475 https://bugzilla.suse.com/1101906 https://bugzilla.suse.com/1107069 https://bugzilla.suse.com/1111598 
   https://bugzilla.suse.com/1125882
   https://bugzilla.suse.com/1167400
   https://bugzilla.suse.com/1194366
   https://bugzilla.suse.com/1194375
   https://bugzilla.suse.com/1195212
   https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 14:29:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:29:53 +0100 (CET)
Subject: SUSE-SU-2022:3840-1: important: Security update for xorg-x11-server
Message-ID: <20221101142953.64B98FDD6@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3840-1
Rating: important
References: #1204412 #1204416
Cross-References: CVE-2022-3550 CVE-2022-3551
CVSS scores:
   CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString()
     (bsc#1204412).
   - CVE-2022-3551: Fixed various leaks of the return value of
     GetComponentSpec() (bsc#1204416).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3840=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3840=1

Package List:

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      xorg-x11-server-7.6_1.18.3-76.52.1
      xorg-x11-server-debuginfo-7.6_1.18.3-76.52.1
      xorg-x11-server-debugsource-7.6_1.18.3-76.52.1
      xorg-x11-server-extra-7.6_1.18.3-76.52.1
      xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.52.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      xorg-x11-server-7.6_1.18.3-76.52.1
      xorg-x11-server-debuginfo-7.6_1.18.3-76.52.1
      xorg-x11-server-debugsource-7.6_1.18.3-76.52.1
      xorg-x11-server-extra-7.6_1.18.3-76.52.1
      xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.52.1

References:

   https://www.suse.com/security/cve/CVE-2022-3550.html
   https://www.suse.com/security/cve/CVE-2022-3551.html
   https://bugzilla.suse.com/1204412
   https://bugzilla.suse.com/1204416

From sle-updates at lists.suse.com Tue Nov 1 14:30:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:30:33 +0100 (CET)
Subject: SUSE-SU-2022:3830-1: moderate: Security update for php7
Message-ID: <20221101143033.871CFFDD6@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3830-1
Rating: moderate
References: #1203867 #1203870
Cross-References: CVE-2022-31628 CVE-2022-31629
CVSS scores:
   CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for php7 fixes the following issues:

   - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor
     while decompressing "quines" gzip files. (bsc#1203867)
   - CVE-2022-31629: Fixed a bug which could lead an attacker to set an
     insecure cookie that will be treated as secure in the victim's browser.
     (bsc#1203870)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3830=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      php7-wddx-7.2.5-150000.4.98.2
      php7-wddx-debuginfo-7.2.5-150000.4.98.2

References:

   https://www.suse.com/security/cve/CVE-2022-31628.html
   https://www.suse.com/security/cve/CVE-2022-31629.html
   https://bugzilla.suse.com/1203867
   https://bugzilla.suse.com/1203870

From sle-updates at lists.suse.com Tue Nov 1 14:31:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:31:13 +0100 (CET)
Subject: SUSE-SU-2022:3836-1: moderate: Security update for python-lxml
Message-ID: <20221101143113.94294FDD6@maintenance.suse.de>

   SUSE Security Update: Security update for python-lxml
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3836-1
Rating: moderate
References: #1179534 #1184177
Cross-References: CVE-2020-27783 CVE-2021-28957
CVSS scores:
   CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
   openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for python-lxml fixes the following issues:

   - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5
     attributes (bsc#1184177).
   - CVE-2020-27783: Fixed XSS due to the use of improper parser
     (bsc#1179534).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3836=1

Package List:

   - openSUSE Leap 15.3 (noarch):

      python2-lxml-doc-4.0.0-150000.4.3.1
      python3-lxml-doc-4.0.0-150000.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-27783.html
   https://www.suse.com/security/cve/CVE-2021-28957.html
   https://bugzilla.suse.com/1179534
   https://bugzilla.suse.com/1184177

From sle-updates at lists.suse.com Tue Nov 1 14:32:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:32:05 +0100 (CET)
Subject: SUSE-SU-2022:3829-1: important: Security update for hdf5
Message-ID: <20221101143205.DF4B3FDD6@maintenance.suse.de>

   SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3829-1
Rating: important
References: #1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References: CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244
CVSS scores:
   CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
   CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
   CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
   CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
   CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
   CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
   CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for HPC 15-SP3
   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for hdf5 fixes the following issues:

   - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
   - CVE-2018-13867: Fixed out of bounds read in the function
     H5F__accum_read in H5Faccum.c (bsc#1101906).
   - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at
     H5Lexternal.c (bsc#1107069).
   - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
   - CVE-2021-45830: Fixed heap buffer overflow vulnerability in
     H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
   - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in
     H5Olayout.c (bsc#1125882).
   - CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c
     (bsc#1093663).
   - CVE-2021-46242: Fixed heap use-after-free via the component
     H5AC_unpin_entry (bsc#1195212).
   - CVE-2021-45833: Fixed stack buffer overflow vulnerability
     (bsc#1194366).
   - CVE-2018-14031: Fixed heap-based buffer over-read in the function
     H5T_copy in H5T.c (bsc#1101475).
   - CVE-2018-17439: Fixed out of bounds read in the function
     H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3829=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3829=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3829=1

   - SUSE Linux Enterprise Module for HPC 15-SP3:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-3829=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1
hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 
libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 
      libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1

   - openSUSE Leap 15.4 (noarch):

      hdf5-gnu-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1
      hdf5-hpc-examples-1.10.8-150300.4.6.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1
hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 
libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 
libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 
      libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1

   - openSUSE Leap 15.3 (noarch):

      hdf5-gnu-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
      hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1
      hdf5-hpc-examples-1.10.8-150300.4.6.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x):

      hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1
      hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1
hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 
libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 
libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 
libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5-hpc-examples-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.6.1 
hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-debugsource-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.6.1 hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.6.1 hdf5_1_10_8-hpc-examples-1.10.8-150300.4.6.1 libhdf5-gnu-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 
libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 
libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-debuginfo-1.10.8-150300.4.6.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.6.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.6.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.6.1 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.6.1 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.6.1 
      hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.6.1
      hdf5-hpc-examples-1.10.8-150300.4.6.1

References:

   https://www.suse.com/security/cve/CVE-2018-11205.html
   https://www.suse.com/security/cve/CVE-2018-13867.html
   https://www.suse.com/security/cve/CVE-2018-14031.html
   https://www.suse.com/security/cve/CVE-2018-16438.html
   https://www.suse.com/security/cve/CVE-2018-17439.html
   https://www.suse.com/security/cve/CVE-2019-8396.html
   https://www.suse.com/security/cve/CVE-2020-10812.html
   https://www.suse.com/security/cve/CVE-2021-45830.html
   https://www.suse.com/security/cve/CVE-2021-45833.html
   https://www.suse.com/security/cve/CVE-2021-46242.html
   https://www.suse.com/security/cve/CVE-2021-46244.html
   https://bugzilla.suse.com/1093663
   https://bugzilla.suse.com/1101475
   https://bugzilla.suse.com/1101906
   https://bugzilla.suse.com/1107069
   https://bugzilla.suse.com/1111598
   https://bugzilla.suse.com/1125882
   https://bugzilla.suse.com/1167400
   https://bugzilla.suse.com/1194366
   https://bugzilla.suse.com/1194375
   https://bugzilla.suse.com/1195212
   https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 14:33:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 15:33:36 +0100 (CET)
Subject: SUSE-SU-2022:3828-1: important: Security update for hdf5
Message-ID: <20221101143336.6B3FBFDD6@maintenance.suse.de>

   SUSE Security Update: Security update for hdf5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3828-1
Rating:             important
References:         #1093663 #1101475 #1101906 #1107069 #1111598 #1125882
                    #1167400 #1194366 #1194375 #1195212 #1195215
Cross-References:   CVE-2018-11205 CVE-2018-13867 CVE-2018-14031
                    CVE-2018-16438 CVE-2018-17439 CVE-2019-8396
                    CVE-2020-10812 CVE-2021-45830 CVE-2021-45833
                    CVE-2021-46242 CVE-2021-46244
CVSS scores:
                    CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
                    CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2018-16438 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-16438 (SUSE): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
                    CVE-2018-17439 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-17439 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2019-8396 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-8396 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2020-10812 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-10812 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-45830 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45830 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-45833 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45833 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46242 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-46242 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2021-46244 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-46244 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for hdf5 fixes the following issues:

   - CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
   - CVE-2018-13867: Fixed out of bounds read in the function
     H5F__accum_read in H5Faccum.c (bsc#1101906).
   - CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at
     H5Lexternal.c (bsc#1107069).
   - CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
   - CVE-2021-45830: Fixed heap buffer overflow vulnerability in
     H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
   - CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in
     H5Olayout.c (bsc#1125882).
   - CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c
     (bsc#1093663).
   - CVE-2021-46242: Fixed heap-use-after free via the component
     H5AC_unpin_entry (bsc#1195212).
   - CVE-2021-45833: Fixed stack buffer overflow vulnerability
     (bsc#1194366).
   - CVE-2018-14031: Fixed heap-based buffer over-read in the function
     H5T_copy in H5T.c (bsc#1101475).
   - CVE-2018-17439: Fixed out of bounds read in the function
     H5F__accum_read in H5Faccum.c (bsc#1111598).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3828=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3828=1

Package List:

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-hpc-devel-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-hpc-module-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150000.8.7.1
      hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150000.8.7.1
hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150000.8.7.1 libhdf5-gnu-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 
libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): hdf5-gnu-hpc-devel-1.10.8-150000.8.7.1 hdf5-gnu-mpich-hpc-devel-1.10.8-150000.8.7.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150000.8.7.1 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150000.8.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): 
hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-hpc-module-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150000.8.7.1 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150000.8.7.1 libhdf5-gnu-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_cpp-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 
libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_cpp-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.7.1 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.7.1 
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1
      libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.7.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1
      libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.7.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      hdf5-gnu-hpc-devel-1.10.8-150000.8.7.1
      hdf5-gnu-mpich-hpc-devel-1.10.8-150000.8.7.1
      hdf5-gnu-mvapich2-hpc-devel-1.10.8-150000.8.7.1
      hdf5-gnu-openmpi2-hpc-devel-1.10.8-150000.8.7.1

References:

   https://www.suse.com/security/cve/CVE-2018-11205.html
   https://www.suse.com/security/cve/CVE-2018-13867.html
   https://www.suse.com/security/cve/CVE-2018-14031.html
   https://www.suse.com/security/cve/CVE-2018-16438.html
   https://www.suse.com/security/cve/CVE-2018-17439.html
   https://www.suse.com/security/cve/CVE-2019-8396.html
   https://www.suse.com/security/cve/CVE-2020-10812.html
   https://www.suse.com/security/cve/CVE-2021-45830.html
   https://www.suse.com/security/cve/CVE-2021-45833.html
   https://www.suse.com/security/cve/CVE-2021-46242.html
   https://www.suse.com/security/cve/CVE-2021-46244.html
   https://bugzilla.suse.com/1093663
   https://bugzilla.suse.com/1101475
   https://bugzilla.suse.com/1101906
   https://bugzilla.suse.com/1107069
   https://bugzilla.suse.com/1111598
   https://bugzilla.suse.com/1125882
   https://bugzilla.suse.com/1167400
   https://bugzilla.suse.com/1194366
   https://bugzilla.suse.com/1194375
   https://bugzilla.suse.com/1195212
   https://bugzilla.suse.com/1195215

From sle-updates at lists.suse.com Tue Nov 1 17:18:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 18:18:26 +0100 (CET)
Subject: SUSE-SU-2022:3841-1: important: Security update for xorg-x11-server
Message-ID: <20221101171826.E742BFDB8@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3841-1
Rating:             important
References:         #1204412 #1204416
Cross-References:   CVE-2022-3550 CVE-2022-3551
CVSS scores:
                    CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for xorg-x11-server fixes the following issues:

   - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString()
     (bsc#1204412).
   - CVE-2022-3551: Fixed various leaks of the return value of
     GetComponentSpec() (bsc#1204416).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3841=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3841=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3841=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3841=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      xorg-x11-server-1.19.6-4.34.1
      xorg-x11-server-debuginfo-1.19.6-4.34.1
      xorg-x11-server-debugsource-1.19.6-4.34.1
      xorg-x11-server-extra-1.19.6-4.34.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.34.1

   - SUSE OpenStack Cloud 9 (x86_64):

      xorg-x11-server-1.19.6-4.34.1
      xorg-x11-server-debuginfo-1.19.6-4.34.1
      xorg-x11-server-debugsource-1.19.6-4.34.1
      xorg-x11-server-extra-1.19.6-4.34.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.34.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      xorg-x11-server-1.19.6-4.34.1
      xorg-x11-server-debuginfo-1.19.6-4.34.1
      xorg-x11-server-debugsource-1.19.6-4.34.1
      xorg-x11-server-extra-1.19.6-4.34.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.34.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      xorg-x11-server-1.19.6-4.34.1
      xorg-x11-server-debuginfo-1.19.6-4.34.1
      xorg-x11-server-debugsource-1.19.6-4.34.1
      xorg-x11-server-extra-1.19.6-4.34.1
      xorg-x11-server-extra-debuginfo-1.19.6-4.34.1

References:

   https://www.suse.com/security/cve/CVE-2022-3550.html
   https://www.suse.com/security/cve/CVE-2022-3551.html
   https://bugzilla.suse.com/1204412
   https://bugzilla.suse.com/1204416

From sle-updates at lists.suse.com Tue Nov 1 20:18:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Nov 2022 21:18:16 +0100 (CET)
Subject: SUSE-SU-2022:3843-1: critical: Security update for openssl-3
Message-ID: <20221101201816.EAAD5FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for openssl-3
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3843-1 Rating: critical References: #1204226 #1204714 Cross-References: CVE-2022-3358 CVE-2022-3602 CVE-2022-3786 CVSS scores: CVE-2022-3358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-3358 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3602 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3786 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226). - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714) - CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3843=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3843=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.11.1 libopenssl3-3.0.1-150400.4.11.1 libopenssl3-debuginfo-3.0.1-150400.4.11.1 openssl-3-3.0.1-150400.4.11.1 openssl-3-debuginfo-3.0.1-150400.4.11.1 openssl-3-debugsource-3.0.1-150400.4.11.1 - openSUSE Leap 15.4 (x86_64): libopenssl-3-devel-32bit-3.0.1-150400.4.11.1 libopenssl3-32bit-3.0.1-150400.4.11.1 libopenssl3-32bit-debuginfo-3.0.1-150400.4.11.1 - openSUSE Leap 15.4 (noarch): openssl-3-doc-3.0.1-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.11.1 libopenssl3-3.0.1-150400.4.11.1 libopenssl3-debuginfo-3.0.1-150400.4.11.1 openssl-3-3.0.1-150400.4.11.1 openssl-3-debuginfo-3.0.1-150400.4.11.1 openssl-3-debugsource-3.0.1-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-3358.html https://www.suse.com/security/cve/CVE-2022-3602.html https://www.suse.com/security/cve/CVE-2022-3786.html https://bugzilla.suse.com/1204226 https://bugzilla.suse.com/1204714 From sle-updates at lists.suse.com Tue Nov 1 20:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Nov 2022 21:19:26 +0100 (CET) Subject: SUSE-FU-2022:3842-1: important: Recommended update for yast2-firstboot Message-ID: <20221101201926.EB51BFDB8@maintenance.suse.de> SUSE Feature Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3842-1 Rating: important References: MSC-484 PED-1380 PED-1670 PM-3439 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux 
Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains four features can now be installed. Description: This update for yast2-firstboot fixes the following issues: - Compute properly dependencies of WSL GUI pattern (jsc#PM-3439) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3842=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3842=1 Package List: - openSUSE Leap 15.4 (noarch): yast2-firstboot-4.4.11-150400.3.9.1 yast2-firstboot-wsl-4.4.11-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): yast2-firstboot-4.4.11-150400.3.9.1 yast2-firstboot-wsl-4.4.11-150400.3.9.1 References: From sle-updates at lists.suse.com Tue Nov 1 23:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 00:20:56 +0100 (CET) Subject: SUSE-SU-2022:3844-1: important: Security update for the Linux Kernel Message-ID: <20221101232056.817ECFDB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3844-1 Rating: important References: #1185032 #1190497 #1194023 #1194869 #1195917 #1196444 #1196869 #1197659 #1198189 #1200288 #1200622 #1201309 #1201310 #1201987 #1202095 #1202960 #1203039 #1203066 #1203101 #1203197 #1203263 #1203338 #1203360 #1203361 #1203389 #1203410 #1203505 #1203552 #1203664 #1203693 #1203699 
#1203767 #1203769 #1203770 #1203794 #1203798 #1203893 #1203902 #1203906 #1203908 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 PED-387 PED-529 PED-652 PED-664 PED-682 PED-688 PED-720 PED-729 PED-755 PED-763 SLE-19924 SLE-24814 Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). 
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in the Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when an nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). 
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). 
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). 
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). 
- ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). 
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). 
- ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). 
- ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). 
- ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). 
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). 
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). 
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). 
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). 
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). 
- HID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). 
- Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). 
- media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). 
- net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). 
- net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). 
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). 
- NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). 
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). 
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). 
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). 
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). 
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). 
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). 
- x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). 
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3844=1
- SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3844=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3844=1 Please note that this is the initial kernel livepatch without fixes itself; this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3844=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3844=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3844=1
- SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3844=1
- SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3844=1

Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-base-rebuild-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 kernel-default-livepatch-devel-5.14.21-150400.24.28.1
kernel-default-optional-5.14.21-150400.24.28.1 kernel-default-optional-debuginfo-5.14.21-150400.24.28.1 kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-obs-qa-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 kselftests-kmp-default-5.14.21-150400.24.28.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.28.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-5.14.21-150400.24.28.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.28.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.28.1 kernel-debug-debuginfo-5.14.21-150400.24.28.1 kernel-debug-debugsource-5.14.21-150400.24.28.1 kernel-debug-devel-5.14.21-150400.24.28.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.28.1 kernel-debug-livepatch-devel-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.28.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-64kb-5.14.21-150400.24.28.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 dtb-allwinner-5.14.21-150400.24.28.1 dtb-altera-5.14.21-150400.24.28.1 dtb-amazon-5.14.21-150400.24.28.1 dtb-amd-5.14.21-150400.24.28.1 dtb-amlogic-5.14.21-150400.24.28.1 dtb-apm-5.14.21-150400.24.28.1 dtb-apple-5.14.21-150400.24.28.1 dtb-arm-5.14.21-150400.24.28.1 dtb-broadcom-5.14.21-150400.24.28.1 dtb-cavium-5.14.21-150400.24.28.1 dtb-exynos-5.14.21-150400.24.28.1 dtb-freescale-5.14.21-150400.24.28.1 dtb-hisilicon-5.14.21-150400.24.28.1 dtb-lg-5.14.21-150400.24.28.1 dtb-marvell-5.14.21-150400.24.28.1 dtb-mediatek-5.14.21-150400.24.28.1 
dtb-nvidia-5.14.21-150400.24.28.1 dtb-qcom-5.14.21-150400.24.28.1 dtb-renesas-5.14.21-150400.24.28.1 dtb-rockchip-5.14.21-150400.24.28.1 dtb-socionext-5.14.21-150400.24.28.1 dtb-sprd-5.14.21-150400.24.28.1 dtb-xilinx-5.14.21-150400.24.28.1 gfs2-kmp-64kb-5.14.21-150400.24.28.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-extra-5.14.21-150400.24.28.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.28.1 kernel-64kb-optional-5.14.21-150400.24.28.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.28.1 kselftests-kmp-64kb-5.14.21-150400.24.28.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-5.14.21-150400.24.28.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-5.14.21-150400.24.28.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-docs-5.14.21-150400.24.28.1 kernel-docs-html-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 kernel-source-vanilla-5.14.21-150400.24.28.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-extra-5.14.21-150400.24.28.1 kernel-default-extra-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-livepatch-5.14.21-150400.24.28.1 
kernel-default-livepatch-devel-5.14.21-150400.24.28.1 kernel-livepatch-5_14_21-150400_24_28-default-1-150400.9.3.5 kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-1-150400.9.3.5 kernel-livepatch-SLE15-SP4_Update_4-debugsource-1-150400.9.3.5 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 reiserfs-kmp-default-5.14.21-150400.24.28.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.28.1 kernel-obs-build-debugsource-5.14.21-150400.24.28.1 kernel-syms-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.28.1 kernel-source-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.28.1 kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 kernel-default-devel-5.14.21-150400.24.28.1 kernel-default-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.28.1 kernel-64kb-debuginfo-5.14.21-150400.24.28.1 kernel-64kb-debugsource-5.14.21-150400.24.28.1 kernel-64kb-devel-5.14.21-150400.24.28.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.28.1 kernel-macros-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.28.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.28.1 
kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.28.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1 dlm-kmp-default-5.14.21-150400.24.28.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1 gfs2-kmp-default-5.14.21-150400.24.28.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debuginfo-5.14.21-150400.24.28.1 kernel-default-debugsource-5.14.21-150400.24.28.1 ocfs2-kmp-default-5.14.21-150400.24.28.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1 References: https://www.suse.com/security/cve/CVE-2022-1263.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-3202.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195917 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1198189 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201987 
https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203039 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203101 https://bugzilla.suse.com/1203197 https://bugzilla.suse.com/1203263 https://bugzilla.suse.com/1203338 https://bugzilla.suse.com/1203360 https://bugzilla.suse.com/1203361 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203505 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203664 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203794 https://bugzilla.suse.com/1203798 https://bugzilla.suse.com/1203893 https://bugzilla.suse.com/1203902 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203908 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 From sle-updates at lists.suse.com Wed Nov 2 08:30:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 09:30:59 +0100 (CET) Subject: SUSE-CU-2022:2800-1: Security update of bci/bci-init Message-ID: <20221102083059.15A1BF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2800-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.22 Container Release : 21.22 Severity : critical Type : security References : 1087072 1167864 1181961 1202812 1203911 1204111 1204112 1204113 1204137 1204357 1204383 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 CVE-2022-32221 CVE-2022-3515 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 
----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' 
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of 
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. 
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). 
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - dbus-1-1.12.2-150100.8.14.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libksba8-1.3.5-150000.4.3.1 updated - permissions-20181225-150200.23.20.1 updated - container:sles15-image-15.0.0-17.20.58 updated From sle-updates at lists.suse.com Wed Nov 2 11:19:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 12:19:30 +0100 (CET) Subject: SUSE-RU-2022:3846-1: moderate: Recommended update for grub2 Message-ID: <20221102111930.A2CCBFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3846-1 Rating: moderate References: #1203387 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issues: - Add bigtime incompat feature support for xfs file system (bsc#1203387) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3846=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-146.1 grub2-debuginfo-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-146.1 grub2-systemd-sleep-plugin-2.02-146.1 grub2-x86_64-xen-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-146.1 grub2-x86_64-efi-2.02-146.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-146.1 References: https://bugzilla.suse.com/1203387 From sle-updates at lists.suse.com Wed Nov 2 11:20:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 12:20:16 +0100 (CET) Subject: SUSE-FU-2022:3845-1: important: Feature update for grub2 Message-ID: <20221102112016.DC7E1FDB8@maintenance.suse.de> SUSE Feature Update: Feature update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3845-1 Rating: important References: #1196668 #1201361 PED-1091 PED-1423 PED-2150 PED-2151 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that has two feature fixes and contains four features can now be installed. Description: This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable "Automatic TPM Disk Unlock" mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3845=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3845=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3845=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3845=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3845=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grub2-2.06-150400.11.12.1 grub2-branding-upstream-2.06-150400.11.12.1 grub2-debuginfo-2.06-150400.11.12.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): grub2-debugsource-2.06-150400.11.12.1 - openSUSE Leap 15.4 (noarch): grub2-arm64-efi-2.06-150400.11.12.1 grub2-arm64-efi-debug-2.06-150400.11.12.1 grub2-i386-pc-2.06-150400.11.12.1 grub2-i386-pc-debug-2.06-150400.11.12.1 grub2-powerpc-ieee1275-2.06-150400.11.12.1 grub2-powerpc-ieee1275-debug-2.06-150400.11.12.1 grub2-snapper-plugin-2.06-150400.11.12.1 grub2-systemd-sleep-plugin-2.06-150400.11.12.1 grub2-x86_64-efi-2.06-150400.11.12.1 grub2-x86_64-efi-debug-2.06-150400.11.12.1 grub2-x86_64-xen-2.06-150400.11.12.1 - openSUSE Leap 15.4 (s390x): 
grub2-s390x-emu-2.06-150400.11.12.1 grub2-s390x-emu-debug-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): grub2-x86_64-xen-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): grub2-arm64-efi-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.06-150400.11.12.1 grub2-debuginfo-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): grub2-arm64-efi-2.06-150400.11.12.1 grub2-i386-pc-2.06-150400.11.12.1 grub2-powerpc-ieee1275-2.06-150400.11.12.1 grub2-snapper-plugin-2.06-150400.11.12.1 grub2-systemd-sleep-plugin-2.06-150400.11.12.1 grub2-x86_64-efi-2.06-150400.11.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): grub2-s390x-emu-2.06-150400.11.12.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): grub2-2.06-150400.11.12.1 grub2-debuginfo-2.06-150400.11.12.1 grub2-debugsource-2.06-150400.11.12.1 - SUSE Linux Enterprise Micro 5.3 (noarch): grub2-arm64-efi-2.06-150400.11.12.1 grub2-i386-pc-2.06-150400.11.12.1 grub2-snapper-plugin-2.06-150400.11.12.1 grub2-x86_64-efi-2.06-150400.11.12.1 grub2-x86_64-xen-2.06-150400.11.12.1 - SUSE Linux Enterprise Micro 5.3 (s390x): grub2-s390x-emu-2.06-150400.11.12.1 References: https://bugzilla.suse.com/1196668 https://bugzilla.suse.com/1201361 From sle-updates at lists.suse.com Wed Nov 2 17:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:20:55 +0100 (CET) Subject: SUSE-RU-2022:3852-1: important: Recommended update for rsync Message-ID: <20221102172055.6EDA1FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3852-1 Rating: important References: 
#1202970 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync fixes the following issues: - Add support for `--trust-sender` parameter (bsc#1202970) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3852=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3852=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3852=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3852=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3852=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): rsync-3.1.3-150000.4.18.1 rsync-debuginfo-3.1.3-150000.4.18.1 rsync-debugsource-3.1.3-150000.4.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.18.1 rsync-debuginfo-3.1.3-150000.4.18.1 rsync-debugsource-3.1.3-150000.4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.18.1 rsync-debuginfo-3.1.3-150000.4.18.1 rsync-debugsource-3.1.3-150000.4.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.18.1 
rsync-debuginfo-3.1.3-150000.4.18.1 rsync-debugsource-3.1.3-150000.4.18.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.18.1 rsync-debuginfo-3.1.3-150000.4.18.1 rsync-debugsource-3.1.3-150000.4.18.1 References: https://bugzilla.suse.com/1202970 From sle-updates at lists.suse.com Wed Nov 2 17:22:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:22:05 +0100 (CET) Subject: SUSE-SU-2022:3857-1: important: Security update for xorg-x11-server Message-ID: <20221102172205.3A439FDB8@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3857-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 
15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3857=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3857=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3857=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3857=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3857=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3857=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3857=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3857=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3857=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3857=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3857=1 - SUSE Linux Enterprise Module for 
Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3857=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3857=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3857=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3857=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 xorg-x11-server-source-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Manager Proxy 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 
xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-1.20.3-150200.22.5.58.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 
ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.58.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-1.20.3-150200.22.5.58.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.58.1 xorg-x11-server-sdk-1.20.3-150200.22.5.58.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Wed Nov 2 17:23:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:23:12 +0100 (CET) Subject: SUSE-RU-2022:3848-1: important: Recommended update for powerpc-utils Message-ID: <20221102172312.2EDB9FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:3848-1 Rating: important References: #1202777 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix `lsslot -c mem` output when LMB size is set to 4GB (bsc#1202777) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3848=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3848=1 Package List: - openSUSE Leap 15.4 (ppc64le): powerpc-utils-1.3.10-150400.19.6.1 powerpc-utils-debuginfo-1.3.10-150400.19.6.1 powerpc-utils-debugsource-1.3.10-150400.19.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le): powerpc-utils-1.3.10-150400.19.6.1 powerpc-utils-debuginfo-1.3.10-150400.19.6.1 powerpc-utils-debugsource-1.3.10-150400.19.6.1 References: https://bugzilla.suse.com/1202777 From sle-updates at lists.suse.com Wed Nov 2 17:23:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:23:44 +0100 (CET) Subject: SUSE-RU-2022:3849-1: important: Recommended update for powerpc-utils Message-ID: <20221102172344.D7B31FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3849-1 
Rating: important References: #1202777 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix `lsslot -c mem` output when LMB size is set to 4GB (bsc#1202777) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3849=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.9-8.14.1 powerpc-utils-debuginfo-1.3.9-8.14.1 powerpc-utils-debugsource-1.3.9-8.14.1 References: https://bugzilla.suse.com/1202777 From sle-updates at lists.suse.com Wed Nov 2 17:25:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:25:38 +0100 (CET) Subject: SUSE-RU-2022:3855-1: important: Recommended update for mariadb Message-ID: <20221102172538.C92FAFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3855-1 Rating: important References: #1202863 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for mariadb fixes the following issues: Update version from 10.6.9 to 10.6.10: - Fix regression causing full text index corruption if shutdown before changes are fully flushed - Fix regression causing frequent "Data structure corruption" in InnoDB after OOM - Fix incorrect recovery or backup of instant ALTER TABLE - Fix issue with InnoDB Temporary Tablespace (ibtmp1) causing it to continuously grow in size until the disk is full - For full list of changes please check https://mariadb.com/kb/en/library/mariadb-10610-release-notes and https://mariadb.com/kb/en/library/mariadb-10610-changelog Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3855=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3855=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.6.10-150400.3.17.1 libmariadbd19-10.6.10-150400.3.17.1 libmariadbd19-debuginfo-10.6.10-150400.3.17.1 mariadb-10.6.10-150400.3.17.1 mariadb-bench-10.6.10-150400.3.17.1 mariadb-bench-debuginfo-10.6.10-150400.3.17.1 mariadb-client-10.6.10-150400.3.17.1 mariadb-client-debuginfo-10.6.10-150400.3.17.1 mariadb-debuginfo-10.6.10-150400.3.17.1 mariadb-debugsource-10.6.10-150400.3.17.1 mariadb-galera-10.6.10-150400.3.17.1 mariadb-rpm-macros-10.6.10-150400.3.17.1 mariadb-test-10.6.10-150400.3.17.1 mariadb-test-debuginfo-10.6.10-150400.3.17.1 mariadb-tools-10.6.10-150400.3.17.1 mariadb-tools-debuginfo-10.6.10-150400.3.17.1 - openSUSE Leap 15.4 (noarch): mariadb-errormessages-10.6.10-150400.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.6.10-150400.3.17.1 libmariadbd19-10.6.10-150400.3.17.1 
libmariadbd19-debuginfo-10.6.10-150400.3.17.1 mariadb-10.6.10-150400.3.17.1 mariadb-client-10.6.10-150400.3.17.1 mariadb-client-debuginfo-10.6.10-150400.3.17.1 mariadb-debuginfo-10.6.10-150400.3.17.1 mariadb-debugsource-10.6.10-150400.3.17.1 mariadb-tools-10.6.10-150400.3.17.1 mariadb-tools-debuginfo-10.6.10-150400.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): mariadb-errormessages-10.6.10-150400.3.17.1 References: https://www.suse.com/security/cve/CVE-2022-38791.html https://bugzilla.suse.com/1202863 From sle-updates at lists.suse.com Wed Nov 2 17:26:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:26:26 +0100 (CET) Subject: SUSE-SU-2022:3856-1: important: Security update for xorg-x11-server Message-ID: <20221102172626.38FA5FDB8@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3856-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412).
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3856=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3856=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3856=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3856=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3856=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-3856=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 
xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-150100.14.5.28.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-1.20.3-150100.14.5.28.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.28.1 xorg-x11-server-sdk-1.20.3-150100.14.5.28.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Wed Nov 2 17:27:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:27:22 +0100 (CET) Subject: SUSE-RU-2022:3851-1: important: Recommended update for rsync Message-ID: <20221102172722.72992FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3851-1 Rating: important References: #1202970 #1204538 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for rsync fixes the following issues:

- Fix regression with `--delay-updates` where files never update after interruption (bsc#1204538)
- Add support for `--trust-sender` parameter (bsc#1202970)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3851=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3851=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-3851=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  rsync-3.2.3-150400.3.8.1
  rsync-debuginfo-3.2.3-150400.3.8.1
  rsync-debugsource-3.2.3-150400.3.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  rsync-3.2.3-150400.3.8.1
  rsync-debuginfo-3.2.3-150400.3.8.1
  rsync-debugsource-3.2.3-150400.3.8.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  rsync-3.2.3-150400.3.8.1
  rsync-debuginfo-3.2.3-150400.3.8.1
  rsync-debugsource-3.2.3-150400.3.8.1

References:

https://bugzilla.suse.com/1202970
https://bugzilla.suse.com/1204538

From sle-updates at lists.suse.com Wed Nov 2 17:28:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Nov 2022 18:28:10 +0100 (CET)
Subject: SUSE-RU-2022:3853-1: important: Recommended update for rsync
Message-ID: <20221102172810.98329FDB8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rsync
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3853-1
Rating: important
References: #1202970
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:

This update for rsync fixes the following issues:

- Add support for `--trust-sender` parameter (bsc#1202970)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3853=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  rsync-3.1.3-3.14.1
  rsync-debuginfo-3.1.3-3.14.1
  rsync-debugsource-3.1.3-3.14.1

References:

https://bugzilla.suse.com/1202970

From sle-updates at lists.suse.com Wed Nov 2 17:29:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Nov 2022 18:29:43 +0100 (CET)
Subject: SUSE-SU-2022:3850-1: important: Security update for xorg-x11-server
Message-ID: <20221102172943.1EBDBFDB8@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3850-1
Rating: important
References: #1204412 #1204416
Cross-References: CVE-2022-3550 CVE-2022-3551
CVSS scores:
  CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3850=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3850=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3850=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3850=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-150000.8.42.1 xorg-x11-server-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-debugsource-1.19.6-150000.8.42.1 xorg-x11-server-extra-1.19.6-150000.8.42.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-sdk-1.19.6-150000.8.42.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-150000.8.42.1 xorg-x11-server-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-debugsource-1.19.6-150000.8.42.1 xorg-x11-server-extra-1.19.6-150000.8.42.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-sdk-1.19.6-150000.8.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-150000.8.42.1 xorg-x11-server-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-debugsource-1.19.6-150000.8.42.1 xorg-x11-server-extra-1.19.6-150000.8.42.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-sdk-1.19.6-150000.8.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): 
xorg-x11-server-1.19.6-150000.8.42.1 xorg-x11-server-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-debugsource-1.19.6-150000.8.42.1 xorg-x11-server-extra-1.19.6-150000.8.42.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.42.1 xorg-x11-server-sdk-1.19.6-150000.8.42.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Wed Nov 2 17:30:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 18:30:30 +0100 (CET) Subject: SUSE-FU-2022:3847-1: important: Feature update for powerpc-utils Message-ID: <20221102173030.2982DFDB8@maintenance.suse.de> SUSE Feature Update: Feature update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3847-1 Rating: important References: #1198956 #1200465 #1202777 PED-1946 SLE-18129 SLE-18644 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three feature fixes and contains three features can now be installed. 
Description:

This feature update for powerpc-utils fixes the following issues:

Version update from 1.3.9 to 1.3.10 (jsc#PED-1946):

- Fix `lsslot -c mem` output when LMB size is set to 4GB (bsc#1202777)
- ppc64_cpu: Add support to parse PAPR information for energy and frequency (bsc#1200465, jsc#SLE-18129, jsc#PED-519)
- powerpc-utils: Enhance error message when `lparstat -E` fails on max config systems (bsc#1198956)
- drmgr: Add support for 'acc' command (jsc#SLE-18644)
- hcn-init.service: Add 'RemainAfterExit=yes'
- man/drmgr: fix multiple typos
- hcnmgr: Add new feature "wicked" in HNV FEATURE list
- hcnmgr: Update Makefile and powerpc-utils spec file to support HNV and wicked
- hcnmgr: Fix NM HNV setting primary slave
- hcnmgr: Add hcn-init.service.suse
- hcnmgr: Maintain hcnid state for later cleanup
- hcnmgr: Support wicked HNV using new wicked functions for bonding
- hcnmgr: Add new wicked functions for SUSE to manage bonding
- hcnmgr: Factor out NetworkManager `nmcli` code
- hcnmgr: Validate connection manager and add tracing option
- bootlist: Fix invalid hex number message
- bootlist: Fix passing `-l` flag to `kpartx` as `-p` delimiter value
- lsslot: Fix memory leak when listing IO slots
- lsslot: Add new DRC type description strings for latest PCIe slot types
- lparstat: Report LPAR name from lparcfg
- errinjct: Sanitize devspec output of a newline if one is present
- lparstat: Fix reported online memory in legacy format
- ofpathname: Add support for NVMf devices
- ofpathname: Fix nvme support in ANA mode
- hcnmgr: Support vNIC as backup device
- hcnmgr: Avoid hexdump squeezing consecutive identical bytes
- lsdevinfo: Optimize criteria filtering

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3847=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3847=1 Package List: - openSUSE Leap 15.3 (ppc64le): powerpc-utils-1.3.10-150300.9.26.1 powerpc-utils-debuginfo-1.3.10-150300.9.26.1 powerpc-utils-debugsource-1.3.10-150300.9.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.10-150300.9.26.1 powerpc-utils-debuginfo-1.3.10-150300.9.26.1 powerpc-utils-debugsource-1.3.10-150300.9.26.1 References: https://bugzilla.suse.com/1198956 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1202777 From sle-updates at lists.suse.com Wed Nov 2 20:19:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Nov 2022 21:19:39 +0100 (CET) Subject: SUSE-SU-2022:3307-2: moderate: Security update for sqlite3 Message-ID: <20221102201939.57165FDB8@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3307-2 Rating: moderate References: #1189802 #1195773 #1201783 Cross-References: CVE-2021-36690 CVE-2022-35737 CVSS scores: CVE-2021-36690 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36690 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-35737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-35737 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE 
Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for sqlite3 fixes the following issues:

Security issues fixed:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

sqlite was updated to 3.39.3:

* Use a statement journal on DML statement affecting two or more database rows if the statement makes use of SQL functions that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe.

Update to 3.39.2:

* Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presence of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing.
[boo#1201783]

Update to 3.39.1:

* Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option.
* Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of its output.

Update to 3.39.0:

* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respectively, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened
* Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause
* Many microoptimizations collectively reduce CPU cycles by about 2.3%.
Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. 
* Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like "--wrap N", "--wordwrap on", and "--quote" to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. 
* Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3307=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3307=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3307=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3307=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3307=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3307=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3307=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3307=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3307=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3307=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3307=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3307=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3307=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3307=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3307=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3307=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3307=1 - SUSE Linux Enterprise High Performance 
Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3307=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3307=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3307=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Manager Server 4.1 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Manager Proxy 4.1 (x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux 
Enterprise Server for SAP 15-SP2 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): 
libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Enterprise Storage 7 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 - SUSE Enterprise Storage 6 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 - SUSE CaaS Platform 4.0 (x86_64): libsqlite3-0-3.39.3-150000.3.17.1 libsqlite3-0-32bit-3.39.3-150000.3.17.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1 libsqlite3-0-debuginfo-3.39.3-150000.3.17.1 sqlite3-3.39.3-150000.3.17.1 sqlite3-debuginfo-3.39.3-150000.3.17.1 sqlite3-debugsource-3.39.3-150000.3.17.1 sqlite3-devel-3.39.3-150000.3.17.1 sqlite3-tcl-3.39.3-150000.3.17.1 References: https://www.suse.com/security/cve/CVE-2021-36690.html https://www.suse.com/security/cve/CVE-2022-35737.html https://bugzilla.suse.com/1189802 https://bugzilla.suse.com/1195773 https://bugzilla.suse.com/1201783 From sle-updates at lists.suse.com Thu Nov 3 11:20:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 12:20:53 
+0100 (CET) Subject: SUSE-SU-2022:3860-1: moderate: Security update for rubygem-actionview-4_2 Message-ID: <20221103112053.93128FDD6@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3860-1 Rating: moderate References: #1199060 Cross-References: CVE-2022-27777 CVSS scores: CVE-2022-27777 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-27777 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helpers (bsc#1199060). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3860=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3860=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.15.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.15.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.12.1 References: https://www.suse.com/security/cve/CVE-2022-27777.html https://bugzilla.suse.com/1199060 From sle-updates at lists.suse.com Thu Nov 3 14:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 15:19:06 +0100 (CET) Subject: SUSE-SU-2022:3864-1: important: Security update for hsqldb Message-ID: <20221103141906.125ADFDD6@maintenance.suse.de> SUSE Security Update: Security update for hsqldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3864-1 Rating: important References: #1204521 Cross-References: CVE-2022-41853 CVSS scores: CVE-2022-41853 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41853 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hsqldb fixes the following issues: - CVE-2022-41853: Fixed insufficient input sanitization (bsc#1204521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3864=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): hsqldb-2.2.9-5.3.1 References: https://www.suse.com/security/cve/CVE-2022-41853.html https://bugzilla.suse.com/1204521 From sle-updates at lists.suse.com Thu Nov 3 14:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 15:19:50 +0100 (CET) Subject: SUSE-SU-2022:3862-1: important: Security update for xorg-x11-server Message-ID: <20221103141950.857BDFDD6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3862-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). 
- CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3862=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3862=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3862=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.8.1 xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-extra-1.20.3-150400.38.8.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-sdk-1.20.3-150400.38.8.1 xorg-x11-server-source-1.20.3-150400.38.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-sdk-1.20.3-150400.38.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.8.1 xorg-x11-server-debuginfo-1.20.3-150400.38.8.1 xorg-x11-server-debugsource-1.20.3-150400.38.8.1 xorg-x11-server-extra-1.20.3-150400.38.8.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.8.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Thu Nov 3 14:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 15:20:43 +0100 (CET) Subject: SUSE-SU-2022:3863-1: important: Security update for xorg-x11-server Message-ID: 
<20221103142043.B6E95FDD6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3863-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3863=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3863=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.35.1 xorg-x11-server-debugsource-1.19.6-10.35.1 xorg-x11-server-sdk-1.19.6-10.35.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.35.1 xorg-x11-server-debuginfo-1.19.6-10.35.1 xorg-x11-server-debugsource-1.19.6-10.35.1 xorg-x11-server-extra-1.19.6-10.35.1 xorg-x11-server-extra-debuginfo-1.19.6-10.35.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Thu Nov 3 17:19:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 18:19:07 +0100 (CET) Subject: SUSE-SU-2022:3865-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20221103171907.7E8B6FDD6@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3865-1 Rating: important References: #1204734 Cross-References: CVE-2022-40284 CVSS scores: CVE-2022-40284 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3865=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3865=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libntfs-3g84-2022.5.17-5.17.1 libntfs-3g84-debuginfo-2022.5.17-5.17.1 ntfs-3g-2022.5.17-5.17.1 ntfs-3g-debuginfo-2022.5.17-5.17.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-5.17.1 ntfsprogs-2022.5.17-5.17.1 ntfsprogs-debuginfo-2022.5.17-5.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-5.17.1 libntfs-3g84-2022.5.17-5.17.1 libntfs-3g84-debuginfo-2022.5.17-5.17.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-5.17.1 References: https://www.suse.com/security/cve/CVE-2022-40284.html https://bugzilla.suse.com/1204734 From sle-updates at lists.suse.com Thu Nov 3 17:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 18:19:45 +0100 (CET) Subject: SUSE-SU-2022:3866-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20221103171945.A8B3DFDD6@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3866-1 Rating: important References: #1204734 Cross-References: CVE-2022-40284 CVSS scores: CVE-2022-40284 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise 
Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3866=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3866=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3866=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3866=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfsprogs-extra-2022.5.17-150000.3.16.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 
ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfsprogs-extra-2022.5.17-150000.3.16.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.16.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.16.1 libntfs-3g87-2022.5.17-150000.3.16.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g-2022.5.17-150000.3.16.1 ntfs-3g-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.16.1 ntfsprogs-2022.5.17-150000.3.16.1 ntfsprogs-debuginfo-2022.5.17-150000.3.16.1 References: https://www.suse.com/security/cve/CVE-2022-40284.html https://bugzilla.suse.com/1204734 From sle-updates at lists.suse.com Thu Nov 3 20:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Nov 2022 21:18:30 +0100 (CET) Subject: SUSE-SU-2022:3867-1: moderate: Security update for python-Flask-Security-Too Message-ID: <20221103201830.981C6FDD6@maintenance.suse.de> SUSE Security Update: Security update for python-Flask-Security-Too ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3867-1 Rating: moderate References: #1202105 Cross-References: CVE-2021-23385 CVSS scores: CVE-2021-23385 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-23385 (SUSE): 5.4 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3867=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3867=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3867=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3867=1 Package List: - openSUSE Leap 15.4 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - openSUSE Leap 15.3 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Flask-Security-Too-3.4.2-150200.3.6.1 References: https://www.suse.com/security/cve/CVE-2021-23385.html https://bugzilla.suse.com/1202105 From sle-updates at lists.suse.com Fri Nov 4 14:25:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 15:25:06 +0100 (CET) Subject: SUSE-RU-2022:3869-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20221104142506.4A6FFFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3869-1 Rating: moderate References: #1180995 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise 
Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3869=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3869=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3869=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3869=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3869=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3869=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3869=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3869=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3869=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3869=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in 
-t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3869=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3869=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3869=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3869=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3869=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3869=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl10-1.0.2p-150000.3.59.1 libopenssl10-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-hmac-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-cavs-1.0.2p-150000.3.59.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - openSUSE Leap 15.4 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.59.1 - openSUSE Leap 15.4 (noarch): openssl-1_0_0-doc-1.0.2p-150000.3.59.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl10-1.0.2p-150000.3.59.1 libopenssl10-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 
libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-hmac-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-cavs-1.0.2p-150000.3.59.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - openSUSE Leap 15.3 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.59.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.59.1 - openSUSE Leap 15.3 (noarch): openssl-1_0_0-doc-1.0.2p-150000.3.59.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 
openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Module for 
Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl10-1.0.2p-150000.3.59.1 libopenssl10-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl10-1.0.2p-150000.3.59.1 libopenssl10-debuginfo-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.59.1 libopenssl1_0_0-1.0.2p-150000.3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-1.0.2p-150000.3.59.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.59.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.59.1 References: https://bugzilla.suse.com/1180995 From sle-updates at lists.suse.com Fri Nov 4 14:26:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 15:26:36 +0100 (CET) Subject: SUSE-SU-2022:3868-1: moderate: Security update for rubygem-loofah 
Message-ID: <20221104142636.AD0C3FDD6@maintenance.suse.de> SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3868-1 Rating: moderate References: #1154751 Cross-References: CVE-2019-15587 CVSS scores: CVE-2019-15587 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2019-15587 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ 
An update that fixes one vulnerability is now available. Description: This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3868=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3868=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3868=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3868=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-doc-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-testsuite-2.2.2-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-doc-2.2.2-150000.4.6.1 ruby2.5-rubygem-loofah-testsuite-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 - SUSE 
Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 References: https://www.suse.com/security/cve/CVE-2019-15587.html https://bugzilla.suse.com/1154751 From sle-updates at lists.suse.com Fri Nov 4 14:27:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 15:27:41 +0100 (CET) Subject: SUSE-RU-2022:3870-1: moderate: Recommended update for openssl-1_1 Message-ID: <20221104142741.35433FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3870-1 Rating: moderate References: #1190651 #1202148 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3870=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3870=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3870=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.13.1 libopenssl1_1-1.1.1l-150400.7.13.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.13.1 libopenssl1_1-hmac-1.1.1l-150400.7.13.1 openssl-1_1-1.1.1l-150400.7.13.1 openssl-1_1-debuginfo-1.1.1l-150400.7.13.1 openssl-1_1-debugsource-1.1.1l-150400.7.13.1 - openSUSE Leap 15.4 (noarch): openssl-1_1-doc-1.1.1l-150400.7.13.1 - openSUSE Leap 15.4 (x86_64): libopenssl-1_1-devel-32bit-1.1.1l-150400.7.13.1 libopenssl1_1-32bit-1.1.1l-150400.7.13.1 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.13.1 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.13.1 libopenssl1_1-1.1.1l-150400.7.13.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.13.1 libopenssl1_1-hmac-1.1.1l-150400.7.13.1 openssl-1_1-1.1.1l-150400.7.13.1 openssl-1_1-debuginfo-1.1.1l-150400.7.13.1 openssl-1_1-debugsource-1.1.1l-150400.7.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libopenssl-1_1-devel-32bit-1.1.1l-150400.7.13.1 libopenssl1_1-32bit-1.1.1l-150400.7.13.1 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.13.1 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.13.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.13.1 libopenssl1_1-1.1.1l-150400.7.13.1 libopenssl1_1-debuginfo-1.1.1l-150400.7.13.1 libopenssl1_1-hmac-1.1.1l-150400.7.13.1 openssl-1_1-1.1.1l-150400.7.13.1 openssl-1_1-debuginfo-1.1.1l-150400.7.13.1 openssl-1_1-debugsource-1.1.1l-150400.7.13.1 References: https://bugzilla.suse.com/1190651 
https://bugzilla.suse.com/1202148 From sle-updates at lists.suse.com Fri Nov 4 17:24:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 18:24:15 +0100 (CET) Subject: SUSE-SU-2022:3874-1: important: Security update for expat Message-ID: <20221104172415.74480FDD7@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3874-1 Rating: important References: #1204708 Cross-References: CVE-2022-43680 CVSS scores: CVE-2022-43680 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43680 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3874=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3874=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3874=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3874=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3874=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3874=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3874=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3874=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debuginfo-32bit-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE OpenStack Cloud 9 (x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debuginfo-32bit-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat-devel-2.1.0-21.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): expat-debuginfo-32bit-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE Linux Enterprise 
Server 12-SP5 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debuginfo-32bit-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): expat-2.1.0-21.28.1 expat-debuginfo-2.1.0-21.28.1 expat-debuginfo-32bit-2.1.0-21.28.1 expat-debugsource-2.1.0-21.28.1 libexpat1-2.1.0-21.28.1 libexpat1-32bit-2.1.0-21.28.1 libexpat1-debuginfo-2.1.0-21.28.1 libexpat1-debuginfo-32bit-2.1.0-21.28.1 References: https://www.suse.com/security/cve/CVE-2022-43680.html https://bugzilla.suse.com/1204708 From sle-updates at lists.suse.com Fri Nov 4 17:25:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 18:25:33 +0100 (CET) Subject: SUSE-SU-2022:3875-1: important: Security update for xmlbeans Message-ID: <20221104172533.A4A9EFDD7@maintenance.suse.de> SUSE Security Update: Security update for xmlbeans ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3875-1 Rating: important References: #1180915 Cross-References: CVE-2021-23926 CVSS scores: CVE-2021-23926 (NVD) : 9.1 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-23926 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3875=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3875=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3875=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3875=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3875=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3875=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3875=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3875=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3875=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3875=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3875=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3875=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-3875=1

Package List:

- openSUSE Leap 15.4 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
    xmlbeans-scripts-2.6.0-150000.5.3.1
- openSUSE Leap 15.3 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
    xmlbeans-scripts-2.6.0-150000.5.3.1
- SUSE Manager Server 4.1 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Manager Proxy 4.1 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    xmlbeans-2.6.0-150000.5.3.1
- SUSE Enterprise Storage 7 (noarch):
    xmlbeans-2.6.0-150000.5.3.1

References:

https://www.suse.com/security/cve/CVE-2021-23926.html
https://bugzilla.suse.com/1180915

From sle-updates at lists.suse.com Fri Nov 4 17:27:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:27:29 +0100 (CET)
Subject: SUSE-SU-2022:3871-1: important: Security update for libxml2
Message-ID: <20221104172729.A91FAFDD7@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3871-1
Rating: important
References: #1201978 #1204366 #1204367
Cross-References: CVE-2016-3709 CVE-2022-40303 CVE-2022-40304
CVSS scores:
    CVE-2016-3709 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    CVE-2016-3709 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Python2 15-SP3
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3871=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3871=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3871=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3871=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3871=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3871=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3871=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3871=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3871=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3871=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3871=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3871=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3871=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3871=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3871=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3871=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3871=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3871=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3871=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3871=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3871=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3871=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3871=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 
python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-devel-32bit-2.9.7-150000.3.51.1 - openSUSE Leap 15.3 (noarch): libxml2-doc-2.9.7-150000.3.51.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Server 4.1 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Manager Proxy 4.1 (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 
python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 
python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS 
(x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): 
libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 
python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1 python3-libxml2-python-2.9.7-150000.3.51.1 python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 7 (x86_64): libxml2-2-32bit-2.9.7-150000.3.51.1 libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libxml2-2-2.9.7-150000.3.51.1 libxml2-2-debuginfo-2.9.7-150000.3.51.1 libxml2-debugsource-2.9.7-150000.3.51.1 libxml2-devel-2.9.7-150000.3.51.1 libxml2-tools-2.9.7-150000.3.51.1 libxml2-tools-debuginfo-2.9.7-150000.3.51.1 python-libxml2-python-debugsource-2.9.7-150000.3.51.1 python2-libxml2-python-2.9.7-150000.3.51.1 
    python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1
    python3-libxml2-python-2.9.7-150000.3.51.1
    python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1
- SUSE Enterprise Storage 6 (x86_64):
    libxml2-2-32bit-2.9.7-150000.3.51.1
    libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1
- SUSE CaaS Platform 4.0 (x86_64):
    libxml2-2-2.9.7-150000.3.51.1
    libxml2-2-32bit-2.9.7-150000.3.51.1
    libxml2-2-32bit-debuginfo-2.9.7-150000.3.51.1
    libxml2-2-debuginfo-2.9.7-150000.3.51.1
    libxml2-debugsource-2.9.7-150000.3.51.1
    libxml2-devel-2.9.7-150000.3.51.1
    libxml2-tools-2.9.7-150000.3.51.1
    libxml2-tools-debuginfo-2.9.7-150000.3.51.1
    python-libxml2-python-debugsource-2.9.7-150000.3.51.1
    python2-libxml2-python-2.9.7-150000.3.51.1
    python2-libxml2-python-debuginfo-2.9.7-150000.3.51.1
    python3-libxml2-python-2.9.7-150000.3.51.1
    python3-libxml2-python-debuginfo-2.9.7-150000.3.51.1

References:

https://www.suse.com/security/cve/CVE-2016-3709.html
https://www.suse.com/security/cve/CVE-2022-40303.html
https://www.suse.com/security/cve/CVE-2022-40304.html
https://bugzilla.suse.com/1201978
https://bugzilla.suse.com/1204366
https://bugzilla.suse.com/1204367

From sle-updates at lists.suse.com Fri Nov 4 17:29:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:29:09 +0100 (CET)
Subject: SUSE-RU-2022:3878-1: moderate: Recommended update for SUSE Manager Proxy 4.2
Message-ID: <20221104172909.3561EFDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3878-1
Rating: moderate
References: #1201059 #1201788 #1203283
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
Description:

This update fixes the following issues:

spacecmd:

- Version 4.2.20-1
  * Remove "Undefined return code" from debug messages (bsc#1203283)

spacewalk-backend:

- Version 4.2.25-1
  * Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
  * Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788)

spacewalk-client-tools:

- Version 4.2.21-1
  * Update translation strings

spacewalk-web:

- Version 4.2.30-1
  * Upgrade moment-timezone

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3878=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
    python3-spacewalk-check-4.2.21-150300.4.27.3
    python3-spacewalk-client-setup-4.2.21-150300.4.27.3
    python3-spacewalk-client-tools-4.2.21-150300.4.27.3
    spacecmd-4.2.20-150300.4.30.2
    spacewalk-backend-4.2.25-150300.4.32.4
    spacewalk-base-minimal-4.2.30-150300.3.30.3
    spacewalk-base-minimal-config-4.2.30-150300.3.30.3
    spacewalk-check-4.2.21-150300.4.27.3
    spacewalk-client-setup-4.2.21-150300.4.27.3
    spacewalk-client-tools-4.2.21-150300.4.27.3

References:

https://bugzilla.suse.com/1201059
https://bugzilla.suse.com/1201788
https://bugzilla.suse.com/1203283

From sle-updates at lists.suse.com Fri Nov 4 17:30:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:30:00 +0100 (CET)
Subject: SUSE-SU-2022:3880-1: critical: Security update for spacewalk-java
Message-ID: <20221104173000.69CEBFDD7@maintenance.suse.de>

SUSE Security Update: Security update for spacewalk-java
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3880-1
Rating: critical
References: #1204543 #1204716 #1204741
Cross-References: CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:
    CVE-2022-43753 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
    CVE-2022-43754 (SUSE): 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
    SUSE Manager Server 4.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.
Description:

This update for spacewalk-java fixes the following issues:

- CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543)
- CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741)
- CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3880=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
    spacewalk-java-4.3.39-150400.3.11.1
    spacewalk-java-config-4.3.39-150400.3.11.1
    spacewalk-java-lib-4.3.39-150400.3.11.1
    spacewalk-java-postgresql-4.3.39-150400.3.11.1
    spacewalk-taskomatic-4.3.39-150400.3.11.1

References:

https://www.suse.com/security/cve/CVE-2022-31255.html
https://www.suse.com/security/cve/CVE-2022-43753.html
https://www.suse.com/security/cve/CVE-2022-43754.html
https://bugzilla.suse.com/1204543
https://bugzilla.suse.com/1204716
https://bugzilla.suse.com/1204741

From sle-updates at lists.suse.com Fri Nov 4 17:30:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:30:57 +0100 (CET)
Subject: SUSE-SU-2022:3878-1: critical: Security update for SUSE Manager Server 4.2
Message-ID: <20221104173057.F0EE3FDD7@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3878-1
Rating: critical
References: #1195624 #1197724 #1199726 #1200596 #1201059 #1201788 #1202167 #1202729 #1202785 #1203283 #1203406 #1203422 #1203564 #1203599 #1203611 #1203898 #1204146 #1204203 #1204543 #1204716 #1204741
Cross-References: CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:
    CVE-2022-43753 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
    CVE-2022-43754 (SUSE): 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 18 fixes is now available.

Description:

This update fixes the following issues:

hub-xmlrpc-api:

- Use golang(API) = 1.18 for building on SUSE (bsc#1203599)
  This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead.

inter-server-sync:

- Version 0.2.4
  * Improve memory usage and log information #17193
  * Conditional insert check for FK reference exists (bsc#1202785)
  * Correct navigation path for table rhnerratafilechannel (bsc#1202785)

locale-formula:

- Update to version 0.3
  * Remove .map.gz from kb_map dictionary (bsc#1203406)

py27-compat-salt:

- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)

python-urlgrabber:

- Fix wrong logic on find_proxy method causing proxy not being used (bsc#1201788)

spacecmd:

- Version 4.2.20-1
  * Remove "Undefined return code" from debug messages (bsc#1203283)

spacewalk-backend:

- Version 4.2.25-1
  * Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
  * Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788)

spacewalk-client-tools:

- Version 4.2.21-1
  * Update translation strings

spacewalk-java:

- Version 4.2.43-1
  * CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543)
  * CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741)
  * CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716)
- Version 4.2.42-1
  * Properly pass allow vendor change to salt state (bsc#1204203)
  * add ongres requirements to spec file (bsc#1203898)
  * Refresh pillar data (bsc#1197724)
  * Fix hardware update where there is no DNS FQDN changes (bsc#1203611)
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Support Pay-as-you-go new CA location for SLES15SP4 and higher (bsc#1202729)
  * Detect the clients running on Amazon EC2 (bsc#1195624)

spacewalk-utils:

- Version 4.2.18-1
  * Make spacewalk-hostname-rename working with settings.yaml cobbler config file (bsc#1203564)

spacewalk-web:

- Version 4.2.30-1
  * Upgrade moment-timezone

susemanager:

- Version 4.2.38-1
  * add venv-salt-minion to bootstrap repo (bsc#1204146)

susemanager-doc-indexes:

- Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-docs_en:

- Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-schema:

- Version 4.2.25-1
  * Add subtypes for Amazon EC2 virtual instances (bsc#1195624)

susemanager-sls:

- Version 4.2.28-1
  * Fix mgrnet availability check
  * Remove dependence on Kiwi libraries
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Add mgrnet salt module with mgrnet.dns_fqnd function implementation allowing to get all possible FQDNs from DNS (bsc#1199726)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

   zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3878=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):

   hub-xmlrpc-api-0.7-150300.3.9.2
   inter-server-sync-0.2.4-150300.8.25.2
   inter-server-sync-debuginfo-0.2.4-150300.8.25.2
   susemanager-4.2.38-150300.3.44.3
   susemanager-tools-4.2.38-150300.3.44.3

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

   locale-formula-0.3-150300.3.3.2
   py27-compat-salt-3000.3-150300.7.7.26.2
   python3-spacewalk-client-tools-4.2.21-150300.4.27.3
   python3-urlgrabber-3.10.2.1py2_3-150300.3.3.2
   spacecmd-4.2.20-150300.4.30.2
   spacewalk-backend-4.2.25-150300.4.32.4
   spacewalk-backend-app-4.2.25-150300.4.32.4
   spacewalk-backend-applet-4.2.25-150300.4.32.4
   spacewalk-backend-config-files-4.2.25-150300.4.32.4
   spacewalk-backend-config-files-common-4.2.25-150300.4.32.4
   spacewalk-backend-config-files-tool-4.2.25-150300.4.32.4
   spacewalk-backend-iss-4.2.25-150300.4.32.4
   spacewalk-backend-iss-export-4.2.25-150300.4.32.4
   spacewalk-backend-package-push-server-4.2.25-150300.4.32.4
   spacewalk-backend-server-4.2.25-150300.4.32.4
   spacewalk-backend-sql-4.2.25-150300.4.32.4
   spacewalk-backend-sql-postgresql-4.2.25-150300.4.32.4
   spacewalk-backend-tools-4.2.25-150300.4.32.4
   spacewalk-backend-xml-export-libs-4.2.25-150300.4.32.4
   spacewalk-backend-xmlrpc-4.2.25-150300.4.32.4
   spacewalk-base-4.2.30-150300.3.30.3
   spacewalk-base-minimal-4.2.30-150300.3.30.3
   spacewalk-base-minimal-config-4.2.30-150300.3.30.3
   spacewalk-client-tools-4.2.21-150300.4.27.3
   spacewalk-html-4.2.30-150300.3.30.3
   spacewalk-java-4.2.43-150300.3.48.2
   spacewalk-java-config-4.2.43-150300.3.48.2
   spacewalk-java-lib-4.2.43-150300.3.48.2
   spacewalk-java-postgresql-4.2.43-150300.3.48.2
   spacewalk-taskomatic-4.2.43-150300.3.48.2
   spacewalk-utils-4.2.18-150300.3.21.2
   spacewalk-utils-extras-4.2.18-150300.3.21.2
   susemanager-doc-indexes-4.2-150300.12.36.3
   susemanager-docs_en-4.2-150300.12.36.2
   susemanager-docs_en-pdf-4.2-150300.12.36.2
   susemanager-schema-4.2.25-150300.3.30.3
   susemanager-sls-4.2.28-150300.3.36.2
   uyuni-config-modules-4.2.28-150300.3.36.2

References:

   https://www.suse.com/security/cve/CVE-2022-31255.html
   https://www.suse.com/security/cve/CVE-2022-43753.html
   https://www.suse.com/security/cve/CVE-2022-43754.html
   https://bugzilla.suse.com/1195624
   https://bugzilla.suse.com/1197724
   https://bugzilla.suse.com/1199726
   https://bugzilla.suse.com/1200596
   https://bugzilla.suse.com/1201059
   https://bugzilla.suse.com/1201788
   https://bugzilla.suse.com/1202167
   https://bugzilla.suse.com/1202729
   https://bugzilla.suse.com/1202785
   https://bugzilla.suse.com/1203283
   https://bugzilla.suse.com/1203406
   https://bugzilla.suse.com/1203422
   https://bugzilla.suse.com/1203564
   https://bugzilla.suse.com/1203599
   https://bugzilla.suse.com/1203611
   https://bugzilla.suse.com/1203898
   https://bugzilla.suse.com/1204146
   https://bugzilla.suse.com/1204203
   https://bugzilla.suse.com/1204543
   https://bugzilla.suse.com/1204716
   https://bugzilla.suse.com/1204741

From sle-updates at lists.suse.com Fri Nov 4 17:33:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:33:18 +0100 (CET)
Subject: SUSE-RU-2022:3872-1: important: Recommended update for cepces
Message-ID: <20221104173318.A9D48FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cepces
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3872-1
Rating: important
References: #1203273
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cepces fixes the following issues:

- Fix cepces won't compile on SLE15SP5. (bsc#1203273)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

   zypper in -t patch openSUSE-SLE-15.4-2022-3872=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3872=1

Package List:

- openSUSE Leap 15.4 (noarch):

   cepces-0.3.4-150400.3.3.1
   cepces-certmonger-0.3.4-150400.3.3.1
   python3-cepces-0.3.4-150400.3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

   cepces-0.3.4-150400.3.3.1
   cepces-certmonger-0.3.4-150400.3.3.1
   python3-cepces-0.3.4-150400.3.3.1

References:

   https://bugzilla.suse.com/1203273

From sle-updates at lists.suse.com Fri Nov 4 17:34:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:34:03 +0100 (CET)
Subject: SUSE-SU-2022:3876-1: important: Security update for xmlbeans
Message-ID: <20221104173403.19BB4FDD7@maintenance.suse.de>

SUSE Security Update: Security update for xmlbeans
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3876-1
Rating: important
References: #1180915
Cross-References: CVE-2021-23926
CVSS scores:
   CVE-2021-23926 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
   CVE-2021-23926 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Affected Products:
   SUSE Linux Enterprise Desktop 12-SP5
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xmlbeans fixes the following issues:

- CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:

   zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3876=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:

   zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3876=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch):

   xmlbeans-2.6.0-3.3.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

   xmlbeans-2.6.0-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-23926.html
   https://bugzilla.suse.com/1180915

From sle-updates at lists.suse.com Fri Nov 4 17:35:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:35:45 +0100 (CET)
Subject: SUSE-RU-2022:3873-1: moderate: Recommended update for mozilla-nspr, mozilla-nss
Message-ID: <20221104173545.E6CC6FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3873-1
Rating: moderate
References: #1191546 #1198980 #1201298 #1202870 #1204729
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Server Applications 15-SP3
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nspr was updated to version 4.34.1:

* add file descriptor sanity checks in the NSPR poll function.

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729):

* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

Other fixes that were applied:

- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Use libjitterentropy for entropy (bsc#1202870).
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:

   zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3873=1

- openSUSE Leap 15.4:

   zypper in -t patch openSUSE-SLE-15.4-2022-3873=1

- openSUSE Leap 15.3:

   zypper in -t patch openSUSE-SLE-15.3-2022-3873=1

- SUSE Manager Server 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3873=1

- SUSE Manager Retail Branch Server 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3873=1

- SUSE Manager Proxy 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3873=1

- SUSE Linux Enterprise Server for SAP 15-SP2:

   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3873=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3873=1

- SUSE Linux Enterprise Server for SAP 15:

   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3873=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3873=1

- SUSE Linux Enterprise Server 15-SP2-BCL:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3873=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3873=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3873=1

- SUSE Linux Enterprise Server 15-LTSS:

   zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3873=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

   zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3873=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3873=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3873=1

- SUSE Linux Enterprise Micro 5.3:

   zypper in -t patch SUSE-SLE-Micro-5.3-2022-3873=1

- SUSE Linux Enterprise Micro 5.2:

   zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3873=1

- SUSE Linux Enterprise Micro 5.1:

   zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3873=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3873=1

- SUSE Enterprise Storage 7:

   zypper in -t patch SUSE-Storage-7-2022-3873=1

- SUSE Enterprise Storage 6:

   zypper in -t patch SUSE-Storage-6-2022-3873=1

- SUSE CaaS Platform 4.0:

   To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 - openSUSE Leap 15.4 (x86_64): mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - openSUSE Leap 15.3 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 
libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-sysinit-32bit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Manager Server 4.1 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 
mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Manager Proxy 4.1 (x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 
mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 
libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 
libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 
mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 
mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 
libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 
mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 
mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 
libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 
mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 
libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): 
libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 
mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 
libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.79.2-150000.3.82.1 libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.79.2-150000.3.82.1 libfreebl3-32bit-3.79.2-150000.3.82.1 
libfreebl3-32bit-debuginfo-3.79.2-150000.3.82.1 libfreebl3-debuginfo-3.79.2-150000.3.82.1 libfreebl3-hmac-3.79.2-150000.3.82.1 libfreebl3-hmac-32bit-3.79.2-150000.3.82.1 libsoftokn3-3.79.2-150000.3.82.1 libsoftokn3-32bit-3.79.2-150000.3.82.1 libsoftokn3-32bit-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-debuginfo-3.79.2-150000.3.82.1 libsoftokn3-hmac-3.79.2-150000.3.82.1 libsoftokn3-hmac-32bit-3.79.2-150000.3.82.1 mozilla-nspr-32bit-4.34.1-150000.3.26.1 mozilla-nspr-32bit-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nspr-debuginfo-4.34.1-150000.3.26.1 mozilla-nspr-debugsource-4.34.1-150000.3.26.1 mozilla-nspr-devel-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-32bit-3.79.2-150000.3.82.1 mozilla-nss-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-3.79.2-150000.3.82.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-certs-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-debugsource-3.79.2-150000.3.82.1 mozilla-nss-devel-3.79.2-150000.3.82.1 mozilla-nss-sysinit-3.79.2-150000.3.82.1 mozilla-nss-sysinit-debuginfo-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 mozilla-nss-tools-debuginfo-3.79.2-150000.3.82.1 References: https://bugzilla.suse.com/1191546 https://bugzilla.suse.com/1198980 https://bugzilla.suse.com/1201298 https://bugzilla.suse.com/1202870 https://bugzilla.suse.com/1204729 From sle-updates at lists.suse.com Fri Nov 4 17:37:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Nov 2022 18:37:49 +0100 (CET) Subject: SUSE-SU-2022:3879-1: critical: Security update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20221104173749.131F3FDD7@maintenance.suse.de> SUSE Security Update: Security update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2022:3879-1
Rating: critical
References: #1195624 #1197724 #1199726 #1200596 #1201059 #1201788 #1202167 #1202729 #1202785 #1203283 #1203406 #1203422 #1203564 #1203599 #1203611 #1203898 #1204146 #1204203 #1204543 #1204716 #1204741
Cross-References: CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:
  CVE-2022-43753 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
  CVE-2022-43754 (SUSE): 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products:
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 18 fixes is now available.

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

Release notes for SUSE Manager:

- Update to SUSE Manager 4.2.10
  * Apache exporter has been upgraded to version 0.11.0
  * CVEs fixed: CVE-2022-43753, CVE-2022-43754, CVE-2022-31255
  * Bugs mentioned:
    bsc#1195624, bsc#1197724, bsc#1199726, bsc#1200596, bsc#1201059
    bsc#1201788, bsc#1202167, bsc#1202729, bsc#1202785, bsc#1203283
    bsc#1203406, bsc#1203422, bsc#1203564, bsc#1203599, bsc#1203611
    bsc#1203898, bsc#1204146, bsc#1204203, bsc#1195624, bsc#1197724
    bsc#1199726, bsc#1200596, bsc#1201059, bsc#1201788, bsc#1202167
    bsc#1202729, bsc#1202785, bsc#1203283, bsc#1203406, bsc#1203422
    bsc#1203564, bsc#1203599, bsc#1203611, bsc#1203898, bsc#1204146
    bsc#1204716, bsc#1204741, bsc#1204543

Release notes for SUSE Manager Proxy:

- Update to SUSE Manager 4.2.10
  * Bugs mentioned: bsc#1201059, bsc#1201788, bsc#1203283

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3879=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3879=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3879=1

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  release-notes-susemanager-4.2.10-150300.3.57.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
  release-notes-susemanager-proxy-4.2.10-150300.3.46.1
- SUSE Manager Proxy 4.2 (x86_64):
  release-notes-susemanager-proxy-4.2.10-150300.3.46.1

References:

https://www.suse.com/security/cve/CVE-2022-31255.html
https://www.suse.com/security/cve/CVE-2022-43753.html
https://www.suse.com/security/cve/CVE-2022-43754.html
https://bugzilla.suse.com/1195624
https://bugzilla.suse.com/1197724
https://bugzilla.suse.com/1199726
https://bugzilla.suse.com/1200596
https://bugzilla.suse.com/1201059
https://bugzilla.suse.com/1201788
https://bugzilla.suse.com/1202167
https://bugzilla.suse.com/1202729
https://bugzilla.suse.com/1202785
https://bugzilla.suse.com/1203283
https://bugzilla.suse.com/1203406
https://bugzilla.suse.com/1203422
https://bugzilla.suse.com/1203564
https://bugzilla.suse.com/1203599
https://bugzilla.suse.com/1203611
https://bugzilla.suse.com/1203898
https://bugzilla.suse.com/1204146
https://bugzilla.suse.com/1204203
https://bugzilla.suse.com/1204543
https://bugzilla.suse.com/1204716
https://bugzilla.suse.com/1204741

From sle-updates at lists.suse.com Fri Nov 4 17:40:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 18:40:11 +0100 (CET)
Subject: SUSE-RU-2022:3877-1: moderate: Recommended update for scap-security-guide
Message-ID: <20221104174011.080A0FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for scap-security-guide
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3877-1
Rating: moderate
References: ECO-3319
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for scap-security-guide fixes the following issues:

ComplianceAsCode was updated to 0.1.64 (jsc#ECO-3319)

- Introduce ol9 stig profile
- Introduce Ol9 anssi profiles
- Update RHEL8 STIG to V1R7
- Introduce e8 profile for OL9
- Update RHEL7 STIG to V3R8
- some SUSE profile fixes
- enable Ubuntu 2204 profiles
- Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. awk is not necessarily installed)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3877=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):
  scap-security-guide-0.1.64-3.39.1
  scap-security-guide-debian-0.1.64-3.39.1
  scap-security-guide-redhat-0.1.64-3.39.1
  scap-security-guide-ubuntu-0.1.64-3.39.1

References:

From sle-updates at lists.suse.com Fri Nov 4 20:20:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Nov 2022 21:20:31 +0100 (CET)
Subject: SUSE-RU-2022:3881-1: moderate: Recommended update for scap-security-guide
Message-ID: <20221104202031.DC62CFDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for scap-security-guide
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3881-1
Rating: moderate
References: ECO-3319
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for scap-security-guide fixes the following issues:

- Ship Ubuntu 2204 profiles.
- ComplianceAsCode was updated to 0.1.64 (jsc#ECO-3319):
- Introduce OL9 stig and anssi profiles
- Update RHEL8 STIG to V1R7
- Introduce e8 profile for OL9
- Update RHEL7 STIG to V3R8
- some SUSE profile fixes
- Added several RPM requires that are needed by the SUSE remediation scripts.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3881=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3881=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3881=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3881=1

Package List:

- openSUSE Leap 15.4 (noarch):
  scap-security-guide-0.1.64-150000.1.50.1
  scap-security-guide-debian-0.1.64-150000.1.50.1
  scap-security-guide-redhat-0.1.64-150000.1.50.1
  scap-security-guide-ubuntu-0.1.64-150000.1.50.1
- openSUSE Leap 15.3 (noarch):
  scap-security-guide-0.1.64-150000.1.50.1
  scap-security-guide-debian-0.1.64-150000.1.50.1
  scap-security-guide-redhat-0.1.64-150000.1.50.1
  scap-security-guide-ubuntu-0.1.64-150000.1.50.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  scap-security-guide-0.1.64-150000.1.50.1
  scap-security-guide-debian-0.1.64-150000.1.50.1
  scap-security-guide-redhat-0.1.64-150000.1.50.1
  scap-security-guide-ubuntu-0.1.64-150000.1.50.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  scap-security-guide-0.1.64-150000.1.50.1
  scap-security-guide-debian-0.1.64-150000.1.50.1
  scap-security-guide-redhat-0.1.64-150000.1.50.1
  scap-security-guide-ubuntu-0.1.64-150000.1.50.1

References:

From sle-updates at lists.suse.com Sat Nov 5 08:21:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 5 Nov 2022 09:21:26 +0100 (CET)
Subject: SUSE-CU-2022:2809-1: Security update of ses/7.1/ceph/grafana
Message-ID: <20221105082126.610BAFDB8@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2809-1
Container Tags : ses/7.1/ceph/grafana:8.3.10 , ses/7.1/ceph/grafana:8.3.10.2.2.285 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release : 2.2.285
Severity : important
Type : security
References : 1167864 1181961 1195726 1195727 1195728 1200501 1201535 1201539 1202812 1203911 1204137 1204383 CVE-2020-10696 CVE-2021-20206 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-2990 CVE-2022-31097 CVE-2022-31107 CVE-2022-32221
-----------------------------------------------------------------

The container ses/7.1/ceph/grafana was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3765-1
Released: Wed Oct 26 11:17:18 2022
Summary: Security update for grafana
Type: security
Severity: important
References: 1195726,1195727,1195728,1201535,1201539,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713,CVE-2022-31097,CVE-2022-31107

This update for grafana fixes the following issues:

Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):

- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?' in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not commited
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not supports dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: dont rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow resuing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow resuing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3792-1 Released: Thu Oct 27 10:09:11 2022 Summary: Recommended update for grafana-piechart-panel Type: recommended Severity: moderate References: 1200501 This update for grafana-piechart-panel fixes the following issues: - Update grafana-piechart-panel to version 1.6.2 that is signed for use with Grafana v8.x (bsc#1200501) The following package changes have been done: - grafana-piechart-panel-1.6.2-150200.3.11.1 updated - grafana-8.3.10-150200.3.26.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - permissions-20181225-150200.23.20.1 updated - container:sles15-image-15.0.0-17.20.59 updated From sle-updates at lists.suse.com Sat Nov 5 08:23:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:23:48 +0100 (CET) Subject: SUSE-CU-2022:2810-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221105082348.49961FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2810-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.15 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.15 Container Release : 42.15 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:25:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:25:30 +0100 (CET) Subject: SUSE-CU-2022:2811-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221105082530.53198FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2811-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.30 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.30 Container Release : 27.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:27:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:27:24 +0100 (CET) Subject: SUSE-CU-2022:2812-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221105082724.EA1D4FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2812-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.30 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.30 Container Release : 22.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:29:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:29:42 +0100 (CET) Subject: SUSE-CU-2022:2813-1: Recommended update of bci/dotnet-sdk Message-ID: <20221105082942.AA3FBFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2813-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.14 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.14 Container Release : 47.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:31:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:31:43 +0100 (CET) Subject: SUSE-CU-2022:2814-1: Recommended update of bci/dotnet-sdk Message-ID: <20221105083143.66F50FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2814-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.30 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.30 Container Release : 35.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:33:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:33:57 +0100 (CET) Subject: SUSE-CU-2022:2815-1: Recommended update of bci/dotnet-sdk Message-ID: <20221105083357.B9D80FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2815-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.30 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.30 Container Release : 24.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:36:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:36:06 +0100 (CET) Subject: SUSE-CU-2022:2816-1: Recommended update of bci/dotnet-runtime Message-ID: <20221105083606.3B1ACFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2816-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.14 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.14 Container Release : 48.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:38:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:38:08 +0100 (CET) Subject: SUSE-CU-2022:2817-1: Recommended update of bci/dotnet-runtime Message-ID: <20221105083808.5B5C9FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2817-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.30 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.30 Container Release : 34.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:40:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:40:04 +0100 (CET) Subject: SUSE-CU-2022:2818-1: Recommended update of bci/dotnet-runtime Message-ID: <20221105084004.9076EFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2818-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.30 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.30 Container Release : 21.30 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:43:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:43:17 +0100 (CET) Subject: SUSE-CU-2022:2819-1: Recommended update of bci/golang Message-ID: <20221105084317.611C2FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2819-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.70 Container Release : 30.70 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:46:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:46:39 +0100 (CET) Subject: SUSE-CU-2022:2820-1: Recommended update of bci/golang Message-ID: <20221105084639.57317FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2820-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.70 Container Release : 29.70 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:49:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:49:15 +0100 (CET) Subject: SUSE-CU-2022:2821-1: Recommended update of bci/golang Message-ID: <20221105084915.83ABAFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2821-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.16 Container Release : 18.16 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:51:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:51:17 +0100 (CET) Subject: SUSE-CU-2022:2822-1: Recommended update of bci/bci-init Message-ID: <20221105085117.B9326FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2822-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.17 , bci/bci-init:latest Container Release : 24.17 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:53:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:53:04 +0100 (CET) Subject: SUSE-CU-2022:2823-1: Recommended update of bci/nodejs Message-ID: <20221105085304.637A1FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2823-1 Container Tags : bci/node:14 , bci/node:14-35.14 , bci/nodejs:14 , bci/nodejs:14-35.14 Container Release : 35.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:54:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:54:07 +0100 (CET) Subject: SUSE-CU-2022:2824-1: Recommended update of bci/nodejs Message-ID: <20221105085407.C8A82FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2824-1 Container Tags : bci/node:16 , bci/node:16-11.14 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.14 , bci/nodejs:latest Container Release : 11.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:55:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:55:43 +0100 (CET) Subject: SUSE-CU-2022:2825-1: Recommended update of bci/python Message-ID: <20221105085543.22CAEFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2825-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.14 , bci/python:latest Container Release : 7.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 08:57:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 09:57:34 +0100 (CET) Subject: SUSE-CU-2022:2826-1: Recommended update of bci/python Message-ID: <20221105085734.97D8EFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2826-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.14 Container Release : 30.14 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Sat Nov 5 09:00:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 10:00:44 +0100 (CET) Subject: SUSE-CU-2022:2827-1: Recommended update of bci/ruby Message-ID: <20221105090044.14C8BFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2827-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.11 , bci/ruby:latest Container Release : 31.11 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Sat Nov 5 09:02:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 10:02:53 +0100 (CET) Subject: SUSE-CU-2022:2828-1: Recommended update of bci/rust Message-ID: <20221105090253.30E82FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2828-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.79 Container Release : 9.79 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Sat Nov 5 09:03:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Nov 2022 10:03:26 +0100 (CET) Subject: SUSE-CU-2022:2829-1: Recommended update of bci/rust Message-ID: <20221105090326.39906FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2829-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.11 , bci/rust:latest Container Release : 3.11 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Sun Nov 6 08:36:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 09:36:18 +0100 (CET) Subject: SUSE-CU-2022:2831-1: Security update of suse/sles12sp4 Message-ID: <20221106083619.31137FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2831-1 Container Tags : suse/sles12sp4:26.526 , suse/sles12sp4:latest Container Release : 26.526 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3874-1 Released: Fri Nov 4 15:06:57 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - base-container-licenses-3.0-1.324 updated - container-suseconnect-2.0.0-1.209 updated - libexpat1-2.1.0-21.28.1 updated From sle-updates at lists.suse.com Sun Nov 6 08:45:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 09:45:47 +0100 (CET) Subject: SUSE-CU-2022:2832-1: Security update of suse/sles12sp5 Message-ID: <20221106084548.026B1FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2832-1 Container Tags : suse/sles12sp5:6.5.396 , suse/sles12sp5:latest Container Release : 6.5.396 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3874-1 Released: Fri Nov 4 15:06:57 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.1.0-21.28.1 updated From sle-updates at lists.suse.com Sun Nov 6 09:09:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 10:09:16 +0100 (CET) Subject: SUSE-CU-2022:2833-1: Security update of suse/sle15 Message-ID: <20221106090917.105C8FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2833-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.635 Container Release : 4.22.635 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 09:28:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 10:28:13 +0100 (CET) Subject: SUSE-CU-2022:2834-1: Security update of suse/sle15 Message-ID: <20221106092814.7CB86FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2834-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.697 Container Release : 6.2.697 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 09:42:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 10:42:53 +0100 (CET) Subject: SUSE-CU-2022:2835-1: Security update of suse/sle15 Message-ID: <20221106094253.45CC4FDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2835-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.218 Container Release : 9.5.218 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 09:49:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 10:49:09 +0100 (CET) Subject: SUSE-CU-2022:2836-1: Security update of bci/bci-init Message-ID: <20221106094909.316AEFDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2836-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.28 Container Release : 21.28 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 09:57:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 10:57:09 +0100 (CET) Subject: SUSE-CU-2022:2838-1: Security update of bci/nodejs Message-ID: <20221106095710.1B929FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2838-1 Container Tags : bci/node:12 , bci/node:12-17.36 , bci/nodejs:12 , bci/nodejs:12-17.36 Container Release : 17.36 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 10:02:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:02:53 +0100 (CET) Subject: SUSE-CU-2022:2839-1: Security update of bci/python Message-ID: <20221106100253.E40C2FDD7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2839-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.12 Container Release : 20.12 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated - container:sles15-image-15.0.0-17.20.60 updated From sle-updates at lists.suse.com Sun Nov 6 10:12:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:12:34 +0100 (CET) Subject: SUSE-CU-2022:2840-1: Security update of suse/sle15 Message-ID: <20221106101234.42F29FDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2840-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.60 , suse/sle15:15.3 , suse/sle15:15.3.17.20.60 Container Release : 17.20.60 Severity : important Type : security References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - libxml2-2-2.9.7-150000.3.51.1 updated From sle-updates at lists.suse.com Sun Nov 6 10:14:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:14:33 +0100 (CET) Subject: SUSE-CU-2022:2841-1: Recommended update of suse/pcp Message-ID: <20221106101434.108C5FDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2841-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.44 , suse/pcp:latest Container Release : 11.44 Severity : moderate Type : recommended References : 1190651 1191546 1198980 1201298 1202148 1202870 1204729 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. 
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - container:bci-bci-init-15.4-15.4-24.17 updated From sle-updates at lists.suse.com Sun Nov 6 10:15:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:15:46 +0100 (CET) Subject: SUSE-CU-2022:2842-1: Recommended update of bci/rust Message-ID: <20221106101547.B21C4FDD7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2842-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-7.19 Container Release : 7.19 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Sun Nov 6 10:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:16:47 +0100 (CET) Subject: SUSE-CU-2022:2843-1: Recommended update of bci/rust Message-ID: <20221106101647.E3D1DFDD7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2843-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-3.18 , bci/rust:latest Container Release : 3.18 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Sun Nov 6 10:17:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Nov 2022 11:17:11 +0100 (CET) Subject: SUSE-CU-2022:2829-1: Recommended update of bci/rust Message-ID: <20221106101712.51F18FDD7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2829-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.11 , bci/rust:latest Container Release : 3.11 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Mon Nov 7 11:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 12:22:43 +0100 (CET) Subject: SUSE-RU-2022:3882-1: moderate: Recommended update for openssl-1_1 Message-ID: <20221107112243.E7FA9FDD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3882-1 Rating: moderate References: #1180995 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3882=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3882=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3882=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3882=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3882=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3882=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): 
libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 - SUSE 
Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.39.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-1.1.0i-150100.14.39.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-1.1.0i-150100.14.39.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.39.1 openssl-1_1-1.1.0i-150100.14.39.1 openssl-1_1-debuginfo-1.1.0i-150100.14.39.1 openssl-1_1-debugsource-1.1.0i-150100.14.39.1 References: https://bugzilla.suse.com/1180995 From sle-updates at lists.suse.com Mon Nov 7 14:20:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 15:20:11 +0100 (CET) Subject: SUSE-SU-2022:3886-1: important: Security update for sudo Message-ID: <20221107142011.84012FDB8@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3886-1 Rating: important References: #1204986 Cross-References: CVE-2022-43995 CVSS scores: CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3886=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.38.1 sudo-debuginfo-1.8.10p3-10.38.1 sudo-debugsource-1.8.10p3-10.38.1 References: https://www.suse.com/security/cve/CVE-2022-43995.html https://bugzilla.suse.com/1204986 From sle-updates at lists.suse.com Mon Nov 7 14:20:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 15:20:47 +0100 (CET) Subject: SUSE-RU-2022:3885-1: moderate: Recommended update for gnutls Message-ID: <20221107142047.7C4AFFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3885-1 Rating: moderate References: #1203299 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for gnutls fixes the following issues: - Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the vzeroupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3885=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3885=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.19.1 gnutls-debuginfo-3.7.3-150400.4.19.1 gnutls-debugsource-3.7.3-150400.4.19.1 gnutls-guile-3.7.3-150400.4.19.1 gnutls-guile-debuginfo-3.7.3-150400.4.19.1 libgnutls-devel-3.7.3-150400.4.19.1 libgnutls30-3.7.3-150400.4.19.1 libgnutls30-debuginfo-3.7.3-150400.4.19.1 libgnutls30-hmac-3.7.3-150400.4.19.1 libgnutlsxx-devel-3.7.3-150400.4.19.1 libgnutlsxx28-3.7.3-150400.4.19.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.19.1 - openSUSE Leap 15.4 (x86_64): libgnutls-devel-32bit-3.7.3-150400.4.19.1 libgnutls30-32bit-3.7.3-150400.4.19.1 libgnutls30-32bit-debuginfo-3.7.3-150400.4.19.1 libgnutls30-hmac-32bit-3.7.3-150400.4.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.19.1 gnutls-debuginfo-3.7.3-150400.4.19.1 gnutls-debugsource-3.7.3-150400.4.19.1 libgnutls-devel-3.7.3-150400.4.19.1 libgnutls30-3.7.3-150400.4.19.1 libgnutls30-debuginfo-3.7.3-150400.4.19.1 libgnutls30-hmac-3.7.3-150400.4.19.1 libgnutlsxx-devel-3.7.3-150400.4.19.1 libgnutlsxx28-3.7.3-150400.4.19.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgnutls30-32bit-3.7.3-150400.4.19.1 
libgnutls30-32bit-debuginfo-3.7.3-150400.4.19.1 libgnutls30-hmac-32bit-3.7.3-150400.4.19.1 References: https://bugzilla.suse.com/1203299 From sle-updates at lists.suse.com Mon Nov 7 14:21:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 15:21:32 +0100 (CET) Subject: SUSE-SU-2022:3884-1: important: Security update for expat Message-ID: <20221107142132.5C2B3FDB8@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3884-1 Rating: important References: #1204708 Cross-References: CVE-2022-43680 CVSS scores: CVE-2022-43680 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43680 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3884=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3884=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3884=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.12.1 expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat-devel-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 - openSUSE Leap 15.4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.12.1 libexpat-devel-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.12.1 expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat-devel-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.12.1 libexpat1-32bit-2.4.4-150400.3.12.1 libexpat1-32bit-debuginfo-2.4.4-150400.3.12.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): expat-debuginfo-2.4.4-150400.3.12.1 expat-debugsource-2.4.4-150400.3.12.1 libexpat1-2.4.4-150400.3.12.1 libexpat1-debuginfo-2.4.4-150400.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-43680.html https://bugzilla.suse.com/1204708 From sle-updates at lists.suse.com Mon Nov 7 17:20:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 18:20:17 +0100 (CET) Subject: SUSE-SU-2022:3888-1: important: Security update for vsftpd Message-ID: <20221107172017.757DEFDD6@maintenance.suse.de> SUSE Security Update: Security update for vsftpd 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3888-1 Rating: important References: #1021387 #1052900 #1187678 #1187686 #786024 PM-3322 Cross-References: CVE-2021-3618 CVSS scores: CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has four fixes is now available. Description: This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322, bsc#1187686, bsc#1187678). Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900). - Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387). - Allowed sendto() syscall when /dev/log support is enabled (bsc#786024). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3888=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-51.1 vsftpd-debuginfo-3.0.5-51.1 vsftpd-debugsource-3.0.5-51.1 References: https://www.suse.com/security/cve/CVE-2021-3618.html https://bugzilla.suse.com/1021387 https://bugzilla.suse.com/1052900 https://bugzilla.suse.com/1187678 https://bugzilla.suse.com/1187686 https://bugzilla.suse.com/786024 From sle-updates at lists.suse.com Mon Nov 7 20:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 21:19:51 +0100 (CET) Subject: SUSE-SU-2022:3890-1: important: Security update for rubygem-nokogiri Message-ID: <20221107201951.77807FDD6@maintenance.suse.de> SUSE Security Update: Security update for rubygem-nokogiri ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3890-1 Rating: important References: #1198408 #1199782 Cross-References: CVE-2022-24836 CVE-2022-29181 CVSS scores: CVE-2022-24836 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24836 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29181 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-29181 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. 
(bsc#1199782) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3890=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3890=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-nokogiri-1.6.1-5.6.1 ruby2.1-rubygem-nokogiri-debuginfo-1.6.1-5.6.1 rubygem-nokogiri-debugsource-1.6.1-5.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-nokogiri-1.6.1-5.6.1 ruby2.1-rubygem-nokogiri-debuginfo-1.6.1-5.6.1 rubygem-nokogiri-debugsource-1.6.1-5.6.1 References: https://www.suse.com/security/cve/CVE-2022-24836.html https://www.suse.com/security/cve/CVE-2022-29181.html https://bugzilla.suse.com/1198408 https://bugzilla.suse.com/1199782 From sle-updates at lists.suse.com Mon Nov 7 20:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 21:20:35 +0100 (CET) Subject: SUSE-SU-2022:3892-1: moderate: Security update for exiv2 Message-ID: <20221107202035.9AF51FDD6@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3892-1 Rating: moderate References: #1142679 #1185913 #1189338 Cross-References: CVE-2019-13111 CVE-2021-29463 CVE-2021-34334 CVSS scores: CVE-2019-13111 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13111 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29463 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29463 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE 
Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks (bsc#1142679). - CVE-2021-29463: Fixed out-of-bounds read (bsc#1185913). - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter bug (bsc#1189338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3892=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3892=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.21.1 exiv2-debuginfo-0.26-150000.6.21.1 exiv2-debugsource-0.26-150000.6.21.1 libexiv2-26-0.26-150000.6.21.1 libexiv2-26-debuginfo-0.26-150000.6.21.1 libexiv2-devel-0.26-150000.6.21.1 libexiv2-doc-0.26-150000.6.21.1 - openSUSE Leap 15.3 (x86_64): libexiv2-26-32bit-0.26-150000.6.21.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.21.1 - openSUSE Leap 15.3 (noarch): exiv2-lang-0.26-150000.6.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.21.1 exiv2-debugsource-0.26-150000.6.21.1 libexiv2-26-0.26-150000.6.21.1 libexiv2-26-debuginfo-0.26-150000.6.21.1 libexiv2-devel-0.26-150000.6.21.1 References: 
https://www.suse.com/security/cve/CVE-2019-13111.html https://www.suse.com/security/cve/CVE-2021-29463.html https://www.suse.com/security/cve/CVE-2021-34334.html https://bugzilla.suse.com/1142679 https://bugzilla.suse.com/1185913 https://bugzilla.suse.com/1189338 From sle-updates at lists.suse.com Mon Nov 7 20:21:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Nov 2022 21:21:36 +0100 (CET) Subject: SUSE-SU-2022:3889-1: important: Security update for exiv2 Message-ID: <20221107202136.D5892FDD6@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3889-1 Rating: important References: #1068871 #1142675 #1142679 #1185002 #1185218 #1185447 #1185913 #1186053 #1186192 #1188645 #1188733 #1189332 #1189333 #1189334 #1189335 #1189338 PED-1393 Cross-References: CVE-2017-1000128 CVE-2019-13108 CVE-2019-13111 CVE-2020-19716 CVE-2021-29457 CVE-2021-29463 CVE-2021-29470 CVE-2021-29623 CVE-2021-31291 CVE-2021-32617 CVE-2021-34334 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 CVSS scores: CVE-2017-1000128 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-1000128 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13108 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13108 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13111 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13111 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-19716 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-19716 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29457 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29457 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29463 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29463 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-29623 (SUSE): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37621 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37621 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2021-37622 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37622 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37623 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37623 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains one feature and has one errata is now available. 
Description: This update for exiv2 fixes the following issues: Updated to version 0.27.5 (jsc#PED-1393): - CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871). - CVE-2019-13108: Fixed integer overflow in PngImage:readMetadata (bsc#1142675). - CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645). - CVE-2021-29457: Fixed heap buffer overflow when writing metadata into a crafted image file (bsc#1185002). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053). - CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733). - CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334) - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338) - CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335) - CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913). - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338) - CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that led to denial of service (bsc#1142679) - CVE-2021-29463: Fixed an out-of-bounds read in webpimage.cpp (bsc#1185913) Bugfixes: - Fixed build using GCC 11 (bsc#1185218). A new libexiv2-2_27 shared library is shipped, the libexiv2-2_26 is provided only for compatibility now. Please recompile your applications using the exiv2 library. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3889=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3889=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): exiv2-0.27.5-150400.15.4.1 exiv2-debuginfo-0.27.5-150400.15.4.1 exiv2-debugsource-0.27.5-150400.15.4.1 libexiv2-26-0.26-150400.9.16.1 libexiv2-26-debuginfo-0.26-150400.9.16.1 libexiv2-27-0.27.5-150400.15.4.1 libexiv2-27-debuginfo-0.27.5-150400.15.4.1 libexiv2-devel-0.27.5-150400.15.4.1 libexiv2-xmp-static-0.27.5-150400.15.4.1 - openSUSE Leap 15.4 (noarch): exiv2-lang-0.27.5-150400.15.4.1 - openSUSE Leap 15.4 (x86_64): libexiv2-26-32bit-0.26-150400.9.16.1 libexiv2-26-32bit-debuginfo-0.26-150400.9.16.1 libexiv2-27-32bit-0.27.5-150400.15.4.1 libexiv2-27-32bit-debuginfo-0.27.5-150400.15.4.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.27.5-150400.15.4.1 exiv2-debugsource-0.27.5-150400.15.4.1 libexiv2-26-0.26-150400.9.16.1 libexiv2-26-debuginfo-0.26-150400.9.16.1 libexiv2-27-0.27.5-150400.15.4.1 libexiv2-27-debuginfo-0.27.5-150400.15.4.1 libexiv2-devel-0.27.5-150400.15.4.1 libexiv2-xmp-static-0.27.5-150400.15.4.1 References: https://www.suse.com/security/cve/CVE-2017-1000128.html https://www.suse.com/security/cve/CVE-2019-13108.html https://www.suse.com/security/cve/CVE-2019-13111.html https://www.suse.com/security/cve/CVE-2020-19716.html https://www.suse.com/security/cve/CVE-2021-29457.html https://www.suse.com/security/cve/CVE-2021-29463.html https://www.suse.com/security/cve/CVE-2021-29470.html https://www.suse.com/security/cve/CVE-2021-29623.html https://www.suse.com/security/cve/CVE-2021-31291.html https://www.suse.com/security/cve/CVE-2021-32617.html https://www.suse.com/security/cve/CVE-2021-34334.html https://www.suse.com/security/cve/CVE-2021-37620.html 
https://www.suse.com/security/cve/CVE-2021-37621.html https://www.suse.com/security/cve/CVE-2021-37622.html https://www.suse.com/security/cve/CVE-2021-37623.html https://bugzilla.suse.com/1068871 https://bugzilla.suse.com/1142675 https://bugzilla.suse.com/1142679 https://bugzilla.suse.com/1185002 https://bugzilla.suse.com/1185218 https://bugzilla.suse.com/1185447 https://bugzilla.suse.com/1185913 https://bugzilla.suse.com/1186053 https://bugzilla.suse.com/1186192 https://bugzilla.suse.com/1188645 https://bugzilla.suse.com/1188733 https://bugzilla.suse.com/1189332 https://bugzilla.suse.com/1189333 https://bugzilla.suse.com/1189334 https://bugzilla.suse.com/1189335 https://bugzilla.suse.com/1189338 From sle-updates at lists.suse.com Tue Nov 8 08:20:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 09:20:40 +0100 (CET) Subject: SUSE-RU-2022:3893-1: moderate: Recommended update for resource-agents Message-ID: <20221108082040.46818FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3893-1 Rating: moderate References: #1203758 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fix DB2 HADR failing promote actions (bsc#1203758) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3893=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-3893=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.101.1 resource-agents-4.3.018.a7fb5035-3.101.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.101.1 resource-agents-debugsource-4.3.018.a7fb5035-3.101.1 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.101.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.101.1 resource-agents-4.3.018.a7fb5035-3.101.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.101.1 resource-agents-debugsource-4.3.018.a7fb5035-3.101.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.101.1 References: https://bugzilla.suse.com/1203758 From sle-updates at lists.suse.com Tue Nov 8 08:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 09:21:23 +0100 (CET) Subject: SUSE-RU-2022:3894-1: moderate: Recommended update for resource-agents Message-ID: <20221108082123.5A86CFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3894-1 Rating: moderate References: #1203758 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fix DB2 HADR resource-agents bug (bsc#1203758) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3894=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-150200.3.59.1 resource-agents-4.4.0+git57.70549516-150200.3.59.1 resource-agents-debuginfo-4.4.0+git57.70549516-150200.3.59.1 resource-agents-debugsource-4.4.0+git57.70549516-150200.3.59.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-150200.3.59.1 References: https://bugzilla.suse.com/1203758 From sle-updates at lists.suse.com Tue Nov 8 08:50:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 09:50:01 +0100 (CET) Subject: SUSE-CU-2022:2846-1: Recommended update of suse/sle15 Message-ID: <20221108085001.B35AAFDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2846-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.699 Container Release : 6.2.699 Severity : moderate Type : recommended References : 1180995 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3882-1 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) The following package changes have been done: - libopenssl1_1-1.1.0i-150100.14.39.1 updated - openssl-1_1-1.1.0i-150100.14.39.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:18:18 +0100 (CET) Subject: SUSE-CU-2022:2851-1: Security update of suse/389-ds Message-ID: <20221108091818.5FBC9FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2851-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.29 , suse/389-ds:latest Container Release : 17.29 Severity : important Type : security References : 1190651 1191546 1198980 1201298 1202148 1202870 1204708 1204729 CVE-2022-43680 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Tue Nov 8 09:30:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:30:53 +0100 (CET) Subject: SUSE-CU-2022:2857-1: Security update of bci/golang Message-ID: <20221108093053.D2A65FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2857-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.72 Container Release : 30.72 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:34:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:34:09 +0100 (CET) Subject: SUSE-CU-2022:2858-1: Security update of bci/golang Message-ID: <20221108093409.CE3BFFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2858-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.72 Container Release : 29.72 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:36:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:36:39 +0100 (CET) Subject: SUSE-CU-2022:2859-1: Security update of bci/golang Message-ID: <20221108093639.072A9FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2859-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.18 Container Release : 18.18 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:38:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:38:40 +0100 (CET) Subject: SUSE-CU-2022:2860-1: Security update of bci/bci-init Message-ID: <20221108093840.0F9CFFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2860-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.19 , bci/bci-init:latest Container Release : 24.19 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:40:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:40:26 +0100 (CET) Subject: SUSE-CU-2022:2861-1: Security update of bci/nodejs Message-ID: <20221108094026.56DE8FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2861-1 Container Tags : bci/node:14 , bci/node:14-35.16 , bci/nodejs:14 , bci/nodejs:14-35.16 Container Release : 35.16 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:41:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:41:33 +0100 (CET) Subject: SUSE-CU-2022:2862-1: Security update of bci/nodejs Message-ID: <20221108094133.3F152FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2862-1 Container Tags : bci/node:16 , bci/node:16-11.16 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.16 , bci/nodejs:latest Container Release : 11.16 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:44:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:44:34 +0100 (CET) Subject: SUSE-CU-2022:2863-1: Security update of suse/pcp Message-ID: <20221108094434.7C604FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2863-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.49 , suse/pcp:latest Container Release : 11.49 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated - container:bci-bci-init-15.4-15.4-24.19 updated From sle-updates at lists.suse.com Tue Nov 8 09:46:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:46:07 +0100 (CET) Subject: SUSE-CU-2022:2864-1: Security update of bci/python Message-ID: <20221108094607.A3B2DFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2864-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.16 , bci/python:latest Container Release : 7.16 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:47:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:47:42 +0100 (CET) Subject: SUSE-CU-2022:2865-1: Security update of bci/python Message-ID: <20221108094742.CEB48FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2865-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.16 Container Release : 30.16 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Tue Nov 8 09:50:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:50:26 +0100 (CET) Subject: SUSE-CU-2022:2866-1: Security update of bci/ruby Message-ID: <20221108095026.828A2FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2866-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.13 , bci/ruby:latest Container Release : 31.13 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Tue Nov 8 09:53:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:53:49 +0100 (CET) Subject: SUSE-CU-2022:2868-1: Recommended update of bci/rust Message-ID: <20221108095349.6E29EFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2868-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.21 Container Release : 6.21 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - container:sles15-image-15.0.0-27.14.9 updated From sle-updates at lists.suse.com Tue Nov 8 09:56:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 10:56:50 +0100 (CET) Subject: SUSE-CU-2022:2870-1: Recommended update of suse/sle15 Message-ID: <20221108095650.A59E2FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2870-1 Container Tags : 
bci/bci-base:15.4 , bci/bci-base:15.4.27.14.9 , suse/sle15:15.4 , suse/sle15:15.4.27.14.9 Container Release : 27.14.9 Severity : moderate Type : recommended References : 1190651 1202148 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - libopenssl1_1-1.1.1l-150400.7.13.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated From sle-updates at lists.suse.com Tue Nov 8 14:27:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 15:27:40 +0100 (CET) Subject: SUSE-SU-2022:3896-1: moderate: Security update for conmon Message-ID: <20221108142740.187C8FDD6@maintenance.suse.de> SUSE Security Update: Security update for conmon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3896-1 Rating: moderate References: #1200285 Cross-References: CVE-2022-1708 CVSS scores: CVE-2022-1708 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1708 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for conmon fixes the following issues: conmon was updated to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI option log-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. 
* exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Update to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. 
that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3896=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3896=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3896=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3896=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3896=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3896=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3896=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3896=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3896=1 - SUSE Linux Enterprise High Performance 
Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3896=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3896=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3896=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3896=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3896=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3896=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Manager Proxy 4.1 (x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS 
(aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 - SUSE CaaS Platform 4.0 (x86_64): conmon-2.1.3-150100.3.9.1 conmon-debuginfo-2.1.3-150100.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-1708.html https://bugzilla.suse.com/1200285 From sle-updates at lists.suse.com Tue Nov 8 14:29:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 15:29:29 +0100 (CET) Subject: SUSE-RU-2022:3900-1: moderate: Recommended update for docker Message-ID: <20221108142929.ADA43FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3900-1 Rating: moderate References: #1200022 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 
SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Fix a crash-on-start issue with dockerd (bsc#1200022) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3900=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3900=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3900=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3900=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3900=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3900=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3900=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3900=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3900=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3900=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3900=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3900=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3900=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3900=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3900=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3900=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3900=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3900=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3900=1 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3900=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3900=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3900=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3900=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3900=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3900=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3900=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3900=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 docker-kubic-20.10.17_ce-150000.169.1 docker-kubic-debuginfo-20.10.17_ce-150000.169.1 docker-kubic-kubeadm-criconfig-20.10.17_ce-150000.169.1 - openSUSE Leap 15.4 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 docker-fish-completion-20.10.17_ce-150000.169.1 docker-kubic-bash-completion-20.10.17_ce-150000.169.1 docker-kubic-fish-completion-20.10.17_ce-150000.169.1 docker-kubic-zsh-completion-20.10.17_ce-150000.169.1 docker-zsh-completion-20.10.17_ce-150000.169.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 docker-kubic-20.10.17_ce-150000.169.1 docker-kubic-debuginfo-20.10.17_ce-150000.169.1 docker-kubic-kubeadm-criconfig-20.10.17_ce-150000.169.1 - openSUSE Leap 15.3 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 docker-fish-completion-20.10.17_ce-150000.169.1 docker-kubic-bash-completion-20.10.17_ce-150000.169.1 docker-kubic-fish-completion-20.10.17_ce-150000.169.1 docker-kubic-zsh-completion-20.10.17_ce-150000.169.1 docker-zsh-completion-20.10.17_ce-150000.169.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Manager Server 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Manager Retail Branch Server 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Manager Proxy 4.1 (x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Manager Proxy 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for 
SAP 15-SP2 (ppc64le x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 
docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 docker-fish-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): docker-20.10.17_ce-150000.169.1 docker-debuginfo-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): docker-bash-completion-20.10.17_ce-150000.169.1 - SUSE Linux Enterprise 
High Performance Computing 15-LTSS (x86_64):
      docker-20.10.17_ce-150000.169.1
      docker-debuginfo-20.10.17_ce-150000.169.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
      docker-bash-completion-20.10.17_ce-150000.169.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
      docker-bash-completion-20.10.17_ce-150000.169.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      docker-20.10.17_ce-150000.169.1
      docker-debuginfo-20.10.17_ce-150000.169.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      docker-20.10.17_ce-150000.169.1
      docker-debuginfo-20.10.17_ce-150000.169.1

   - SUSE Enterprise Storage 7 (noarch):
      docker-bash-completion-20.10.17_ce-150000.169.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      docker-20.10.17_ce-150000.169.1
      docker-debuginfo-20.10.17_ce-150000.169.1

   - SUSE Enterprise Storage 6 (noarch):
      docker-bash-completion-20.10.17_ce-150000.169.1

   - SUSE CaaS Platform 4.0 (x86_64):
      docker-20.10.17_ce-150000.169.1
      docker-debuginfo-20.10.17_ce-150000.169.1

   - SUSE CaaS Platform 4.0 (noarch):
      docker-bash-completion-20.10.17_ce-150000.169.1

References:
   https://bugzilla.suse.com/1200022

From sle-updates at lists.suse.com Tue Nov 8 14:31:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:31:21 +0100 (CET)
Subject: SUSE-SU-2022:3897-1: important: Security update for the Linux Kernel
Message-ID: <20221108143121.E6150FDD6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3897-1
Rating: important
References: #1032323 #1065729 #1152489 #1196018 #1198702 #1200465
   #1200788 #1201725 #1202638 #1202686 #1202700 #1203066
   #1203098 #1203290 #1203387 #1203391 #1203496 #1203514
   #1203770 #1203802 #1204051 #1204053 #1204059 #1204060
   #1204125 #1204166 #1204168 #1204354 #1204355 #1204382
   #1204402 #1204415 #1204417 #1204431 #1204439 #1204470
   #1204479 #1204574 #1204575 #1204619 #1204635 #1204637
   #1204646 #1204647 #1204653 #1204728 #1204753 #1204754
   PED-1931
Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964
   CVE-2022-2978 CVE-2022-3169 CVE-2022-3176 CVE-2022-3424
   CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542
   CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586
   CVE-2022-3594 CVE-2022-3621 CVE-2022-3623 CVE-2022-3625
   CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649
   CVE-2022-39189 CVE-2022-40768 CVE-2022-41674 CVE-2022-42703
   CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722
   CVE-2022-43750
CVSS scores:
   CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
   CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
   CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3623 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3623 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
   CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Public Cloud 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 33 vulnerabilities, contains one feature and has 15 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3623: Fixed race condition in follow_page_pte() (mm/gup.c) (bsc#1204575).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - alsa: Use del_timer_sync( before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). 
- alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2770: Reinit regcache on reset (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). 
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). 
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). 
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). 
- ib/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - ib/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - ib/core: Only update PKEY and GID caches on respective events (git-fixes) - ib/hfi1: Adjust pkey entry in index 0 (git-fixes) - ib/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - ib/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - ib/mlx4: Add support for REJ due to timeout (git-fixes) - ib/mlx4: Use port iterator and validation APIs (git-fixes) - ib/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ib/srpt: Remove redundant assignment to ret (git-fixes) - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). 
- kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - kvm: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - kvm: s390: clear kicked_mask before sleeping again (git-fixes). - kvm: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (git-fixes). - kvm: s390: split kvm_s390_real_to_abs (git-fixes). - kvm: s390x: fix SCK locking (git-fixes) - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). 
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). 
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - pci: Dynamically map ECAM regions (bsc#1204382). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). 
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - rdma/bnxt_re: Add missing spin lock initialization (git-fixes) - rdma/bnxt_re: Fix query SRQ failure (git-fixes) - rdma/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - rdma/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/core: Sanitize WQ state received from the userspace (git-fixes) - rdma/cxgb4: Remove MW support (git-fixes) - rdma/efa: Free IRQ vectors on error flow (git-fixes) - rdma/efa: Remove double QP type assignment (git-fixes) - rdma/efa: Use ib_umem_num_dma_pages() (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - rdma/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - rdma/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - rdma/mlx4: Return missed an error if device does not support steering (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - rdma/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - rdma/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - rdma/mlx5: Set user priority for DCT (git-fixes) - rdma/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - 
rdma/mthca: Work around -Wenum-conversion warning (git-fixes) - rdma/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/qib: Remove superfluous fallthrough statements (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - rdma/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - rdma/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - rdma/rxe: Fix failure during driver load (git-fixes) - rdma/rxe: Fix over copying in get_srq_wqe (git-fixes) - rdma/rxe: Fix redundant call to ip_send_check (git-fixes) - rdma/rxe: Fix redundant skb_put_zero (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: Fix wrong port_cap_flags (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/rxe: Remove unused pkt->offset (git-fixes) - rdma/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - rdma/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix a condition race issue in MPA request processing (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: Verify port when creating flow rule (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). 
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - revert "drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes). - revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). 
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). 
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). 
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). Refresh patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch. - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). 
- xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3897=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3897=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.83.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.83.1 dlm-kmp-azure-5.3.18-150300.38.83.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.83.1 gfs2-kmp-azure-5.3.18-150300.38.83.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-5.3.18-150300.38.83.1 kernel-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-debugsource-5.3.18-150300.38.83.1 kernel-azure-devel-5.3.18-150300.38.83.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.83.1 kernel-azure-extra-5.3.18-150300.38.83.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.83.1 kernel-azure-livepatch-devel-5.3.18-150300.38.83.1 kernel-azure-optional-5.3.18-150300.38.83.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.83.1 kernel-syms-azure-5.3.18-150300.38.83.1 kselftests-kmp-azure-5.3.18-150300.38.83.1 
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.83.1 ocfs2-kmp-azure-5.3.18-150300.38.83.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.83.1 reiserfs-kmp-azure-5.3.18-150300.38.83.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.83.1 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.83.1 kernel-source-azure-5.3.18-150300.38.83.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.83.1 kernel-source-azure-5.3.18-150300.38.83.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.83.1 kernel-azure-debuginfo-5.3.18-150300.38.83.1 kernel-azure-debugsource-5.3.18-150300.38.83.1 kernel-azure-devel-5.3.18-150300.38.83.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.83.1 kernel-syms-azure-5.3.18-150300.38.83.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3623.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3640.html 
https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202638 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204382 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 
https://bugzilla.suse.com/1204637
https://bugzilla.suse.com/1204646
https://bugzilla.suse.com/1204647
https://bugzilla.suse.com/1204653
https://bugzilla.suse.com/1204728
https://bugzilla.suse.com/1204753
https://bugzilla.suse.com/1204754

From sle-updates at lists.suse.com Tue Nov 8 14:36:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:36:51 +0100 (CET)
Subject: SUSE-SU-2022:3899-1: important: Security update for sendmail
Message-ID: <20221108143651.D1294FDD6@maintenance.suse.de>

SUSE Security Update: Security update for sendmail
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3899-1
Rating: important
References: #1202937 #1204696
Cross-References: CVE-2022-31256
CVSS scores:
  CVE-2022-31256 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-31256 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for sendmail fixes the following issues:

- CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3899=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3899=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3899=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3899=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3899=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3899=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3899=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3899=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3899=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3899=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3899=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3899=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3899=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3899=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3899=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3899=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 sendmail-devel-8.15.2-150000.8.9.1 - openSUSE Leap 15.4 (noarch): libmilter-doc-8.15.2-150000.8.9.1 sendmail-starttls-8.15.2-150000.8.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 sendmail-devel-8.15.2-150000.8.9.1 - openSUSE Leap 15.3 (noarch): libmilter-doc-8.15.2-150000.8.9.1 sendmail-starttls-8.15.2-150000.8.9.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Manager Proxy 4.1 (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-150000.8.9.1 rmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise Module for 
Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 sendmail-debugsource-8.15.2-150000.8.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmilter1_0-8.15.2-150000.8.9.1 libmilter1_0-debuginfo-8.15.2-150000.8.9.1 sendmail-debuginfo-8.15.2-150000.8.9.1 
sendmail-debugsource-8.15.2-150000.8.9.1

- SUSE CaaS Platform 4.0 (x86_64):
  libmilter1_0-8.15.2-150000.8.9.1
  libmilter1_0-debuginfo-8.15.2-150000.8.9.1
  sendmail-debuginfo-8.15.2-150000.8.9.1
  sendmail-debugsource-8.15.2-150000.8.9.1

References:

https://www.suse.com/security/cve/CVE-2022-31256.html
https://bugzilla.suse.com/1202937
https://bugzilla.suse.com/1204696

From sle-updates at lists.suse.com Tue Nov 8 14:38:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:38:22 +0100 (CET)
Subject: SUSE-SU-2022:3895-1: important: Security update for ganglia-web
Message-ID: <20221108143822.2E0EBFDD7@maintenance.suse.de>

SUSE Security Update: Security update for ganglia-web
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3895-1
Rating: important
References: #1088887 #1160761 #1179835
Cross-References: CVE-2019-20378
CVSS scores:
  CVE-2019-20378 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2019-20378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected Products:
  SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for ganglia-web fixes the following issues:

- updated to 3.7.5 which fixes (bsc#1179835)
- CVE-2019-20378: Fixed a possible XSS via ce and cs parameters in header.php (bsc#1160761).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for HPC 12:
  zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3895=1

Package List:

- SUSE Linux Enterprise Module for HPC 12 (noarch):
  ganglia-web-3.7.5-3.8.1

References:

https://www.suse.com/security/cve/CVE-2019-20378.html
https://bugzilla.suse.com/1088887
https://bugzilla.suse.com/1160761
https://bugzilla.suse.com/1179835

From sle-updates at lists.suse.com Tue Nov 8 14:39:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:39:12 +0100 (CET)
Subject: SUSE-SU-2022:3898-1: important: Security update for sendmail
Message-ID: <20221108143912.055A4FDD7@maintenance.suse.de>

SUSE Security Update: Security update for sendmail
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3898-1
Rating: important
References: #1202937 #1204696
Cross-References: CVE-2022-31256
CVSS scores:
  CVE-2022-31256 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-31256 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise High Performance Computing
  SUSE Linux Enterprise Module for Legacy Software 12
  SUSE Linux Enterprise Server
  SUSE Linux Enterprise Server for SAP Applications
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for sendmail fixes the following issues:

- CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3898=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64):
  sendmail-8.14.9-4.6.1
  sendmail-debuginfo-8.14.9-4.6.1
  sendmail-debugsource-8.14.9-4.6.1

References:

https://www.suse.com/security/cve/CVE-2022-31256.html
https://bugzilla.suse.com/1202937
https://bugzilla.suse.com/1204696

From sle-updates at lists.suse.com Tue Nov 8 14:40:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:40:21 +0100 (CET)
Subject: SUSE-RU-2022:3901-1: moderate: Recommended update for openssl-1_1
Message-ID: <20221108144021.0A439FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3901-1
Rating: moderate
References: #1180995 #1203046
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has two recommended fixes can now be
installed.

Description:

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3901=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3901=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3901=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3901=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3901=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3901=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3901=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3901=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3901=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3901=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3901=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3901=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3901=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-3901=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  libopenssl-1_1-devel-1.1.1d-150200.11.54.1
libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - openSUSE Leap 15.3 (noarch): openssl-1_1-doc-1.1.1d-150200.11.54.1 - openSUSE Leap 15.3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Manager Server 4.1 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 
libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 
(aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 libopenssl1_1-1.1.1d-150200.11.54.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-1.1.1d-150200.11.54.1 openssl-1_1-1.1.1d-150200.11.54.1 openssl-1_1-debuginfo-1.1.1d-150200.11.54.1 openssl-1_1-debugsource-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.54.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.54.1 
    libopenssl1_1-1.1.1d-150200.11.54.1
    libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1
    libopenssl1_1-hmac-1.1.1d-150200.11.54.1
    openssl-1_1-1.1.1d-150200.11.54.1
    openssl-1_1-debuginfo-1.1.1d-150200.11.54.1
    openssl-1_1-debugsource-1.1.1d-150200.11.54.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
    libopenssl1_1-32bit-1.1.1d-150200.11.54.1
    libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1
    libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):
    libopenssl-1_1-devel-1.1.1d-150200.11.54.1
    libopenssl1_1-1.1.1d-150200.11.54.1
    libopenssl1_1-debuginfo-1.1.1d-150200.11.54.1
    libopenssl1_1-hmac-1.1.1d-150200.11.54.1
    openssl-1_1-1.1.1d-150200.11.54.1
    openssl-1_1-debuginfo-1.1.1d-150200.11.54.1
    openssl-1_1-debugsource-1.1.1d-150200.11.54.1

- SUSE Enterprise Storage 7 (x86_64):
    libopenssl1_1-32bit-1.1.1d-150200.11.54.1
    libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.54.1
    libopenssl1_1-hmac-32bit-1.1.1d-150200.11.54.1

References:

    https://bugzilla.suse.com/1180995
    https://bugzilla.suse.com/1203046

From sle-updates at lists.suse.com Tue Nov 8 14:42:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:42:21 +0100 (CET)
Subject: SUSE-RU-2022:3905-1: important: Recommended update for aaa_base
Message-ID: <20221108144221.1C0E2FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for aaa_base
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3905-1
Rating: important
References: #1196840 #1199492 #1199918 #1199926 #1199927
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3905=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3905=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3905=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3905=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3905=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3905=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3905=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3905=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3905=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3905=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3905=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3905=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3905=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3905=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3905=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3905=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3905=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3905=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-3905=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-3905=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    iputils-debuginfo-s20161105-150000.8.6.1
    iputils-debugsource-s20161105-150000.8.6.1
    iputils-s20161105-150000.8.6.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    iputils-debuginfo-s20161105-150000.8.6.1
    iputils-debugsource-s20161105-150000.8.6.1
    iputils-s20161105-150000.8.6.1
    rarpd-debuginfo-s20161105-150000.8.6.1
    rarpd-s20161105-150000.8.6.1

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    aaa_base-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1
    iputils-debuginfo-s20161105-150000.8.6.1
    iputils-debugsource-s20161105-150000.8.6.1
    iputils-s20161105-150000.8.6.1
    rarpd-debuginfo-s20161105-150000.8.6.1
    rarpd-s20161105-150000.8.6.1

- SUSE Manager Retail Branch Server 4.1 (x86_64):
    aaa_base-84.87+git20180409.04c9dae-150000.3.60.1
aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Manager Proxy 4.1 (x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE 
Linux Enterprise Server for SAP 15 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 
iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 
aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1 iputils-debuginfo-s20161105-150000.8.6.1 iputils-debugsource-s20161105-150000.8.6.1 iputils-s20161105-150000.8.6.1 rarpd-debuginfo-s20161105-150000.8.6.1 rarpd-s20161105-150000.8.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 
    aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1
    iputils-debuginfo-s20161105-150000.8.6.1
    iputils-debugsource-s20161105-150000.8.6.1
    iputils-s20161105-150000.8.6.1
    rarpd-debuginfo-s20161105-150000.8.6.1
    rarpd-s20161105-150000.8.6.1

- SUSE CaaS Platform 4.0 (x86_64):
    aaa_base-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-debuginfo-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-debugsource-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1
    aaa_base-malloccheck-84.87+git20180409.04c9dae-150000.3.60.1
    iputils-debuginfo-s20161105-150000.8.6.1
    iputils-debugsource-s20161105-150000.8.6.1
    iputils-s20161105-150000.8.6.1
    rarpd-debuginfo-s20161105-150000.8.6.1
    rarpd-s20161105-150000.8.6.1

References:

    https://bugzilla.suse.com/1196840
    https://bugzilla.suse.com/1199492
    https://bugzilla.suse.com/1199918
    https://bugzilla.suse.com/1199926
    https://bugzilla.suse.com/1199927

From sle-updates at lists.suse.com Tue Nov 8 14:44:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:44:14 +0100 (CET)
Subject: SUSE-SU-2022:3908-1: moderate: Security update for gstreamer-plugins-good
Message-ID: <20221108144414.D87EDFDD7@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-good
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3908-1
Rating: moderate
References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708
Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122
CVSS scores:
    CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
    CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
    CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for gstreamer-plugins-good fixes the following issues:

- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3908=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3908=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    gstreamer-plugins-good-1.20.1-150400.3.3.1
    gstreamer-plugins-good-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-debugsource-1.20.1-150400.3.3.1
    gstreamer-plugins-good-extra-1.20.1-150400.3.3.1
    gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-gtk-1.20.1-150400.3.3.1
    gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-jack-1.20.1-150400.3.3.1
    gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-qtqml-1.20.1-150400.3.3.1
    gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.3.1

- openSUSE Leap 15.4 (noarch):
    gstreamer-plugins-good-lang-1.20.1-150400.3.3.1

- openSUSE Leap 15.4 (x86_64):
    gstreamer-plugins-good-32bit-1.20.1-150400.3.3.1
    gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-extra-32bit-1.20.1-150400.3.3.1
    gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.3.1
    gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    gstreamer-plugins-good-1.20.1-150400.3.3.1
    gstreamer-plugins-good-debuginfo-1.20.1-150400.3.3.1
    gstreamer-plugins-good-debugsource-1.20.1-150400.3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    gstreamer-plugins-good-lang-1.20.1-150400.3.3.1

References:

    https://www.suse.com/security/cve/CVE-2022-1920.html
    https://www.suse.com/security/cve/CVE-2022-1921.html
    https://www.suse.com/security/cve/CVE-2022-1922.html
    https://www.suse.com/security/cve/CVE-2022-1923.html
    https://www.suse.com/security/cve/CVE-2022-1924.html
    https://www.suse.com/security/cve/CVE-2022-1925.html
    https://www.suse.com/security/cve/CVE-2022-2122.html
    https://bugzilla.suse.com/1201688
    https://bugzilla.suse.com/1201693
    https://bugzilla.suse.com/1201702
    https://bugzilla.suse.com/1201704
    https://bugzilla.suse.com/1201706
    https://bugzilla.suse.com/1201707
    https://bugzilla.suse.com/1201708

From sle-updates at lists.suse.com Tue Nov 8 14:45:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:45:37 +0100 (CET)
Subject: SUSE-SU-2022:3907-1: moderate: Security update for gstreamer-plugins-base
Message-ID: <20221108144537.308D5FDD7@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3907-1
Rating: moderate
References: #1185448
Cross-References: CVE-2021-3522
CVSS scores:
    CVE-2021-3522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-3522 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for gstreamer-plugins-base fixes the following issues:

- CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3907=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3907=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3907=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3907=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3907=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3907=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    gstreamer-plugins-base-1.16.3-150200.4.6.2
    gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2
    gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2
    libgstallocators-1_0-0-1.16.3-150200.4.6.2
    libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstapp-1_0-0-1.16.3-150200.4.6.2
    libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstaudio-1_0-0-1.16.3-150200.4.6.2
    libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstgl-1_0-0-1.16.3-150200.4.6.2
    libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstpbutils-1_0-0-1.16.3-150200.4.6.2
    libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstriff-1_0-0-1.16.3-150200.4.6.2
    libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgsttag-1_0-0-1.16.3-150200.4.6.2
    libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2
    libgstvideo-1_0-0-1.16.3-150200.4.6.2
    libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    gstreamer-plugins-base-doc-1.16.3-150200.4.6.2

- openSUSE Leap 15.3 (aarch64 ppc64le s390x
x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-1.16.3-150200.4.6.2 gstreamer-plugins-base-doc-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-1.16.3-150200.4.6.2 libgstfft-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-1.16.3-150200.4.6.2 libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-1.16.3-150200.4.6.2 libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstApp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstAudio-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstGL-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstSdp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstTag-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstVideo-1_0-1.16.3-150200.4.6.2 - openSUSE Leap 15.3 (noarch): gstreamer-plugins-base-lang-1.16.3-150200.4.6.2 - openSUSE Leap 15.3 (x86_64): gstreamer-plugins-base-32bit-1.16.3-150200.4.6.2 gstreamer-plugins-base-32bit-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-32bit-1.16.3-150200.4.6.2 
libgstallocators-1_0-0-32bit-1.16.3-150200.4.6.2 libgstallocators-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstapp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-32bit-1.16.3-150200.4.6.2 libgstfft-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-32bit-1.16.3-150200.4.6.2 libgstgl-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-32bit-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-32bit-1.16.3-150200.4.6.2 libgstriff-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstrtp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-32bit-1.16.3-150200.4.6.2 libgstsdp-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): gstreamer-plugins-base-32bit-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-1.16.3-150200.4.6.2 libgstaudio-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-1.16.3-150200.4.6.2 libgsttag-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-1.16.3-150200.4.6.2 libgstvideo-1_0-0-32bit-debuginfo-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 gstreamer-plugins-base-devel-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 
libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstfft-1_0-0-1.16.3-150200.4.6.2 libgstfft-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtp-1_0-0-1.16.3-150200.4.6.2 libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-1.16.3-150200.4.6.2 libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstsdp-1_0-0-1.16.3-150200.4.6.2 libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2 typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstApp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstAudio-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstGL-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstSdp-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstTag-1_0-1.16.3-150200.4.6.2 typelib-1_0-GstVideo-1_0-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gstreamer-plugins-base-lang-1.16.3-150200.4.6.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gstreamer-plugins-base-1.16.3-150200.4.6.2 gstreamer-plugins-base-debuginfo-1.16.3-150200.4.6.2 gstreamer-plugins-base-debugsource-1.16.3-150200.4.6.2 libgstallocators-1_0-0-1.16.3-150200.4.6.2 libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstapp-1_0-0-1.16.3-150200.4.6.2 libgstapp-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstaudio-1_0-0-1.16.3-150200.4.6.2 
libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstgl-1_0-0-1.16.3-150200.4.6.2 libgstgl-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-1.16.3-150200.4.6.2 libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstriff-1_0-0-1.16.3-150200.4.6.2 libgstriff-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgsttag-1_0-0-1.16.3-150200.4.6.2 libgsttag-1_0-0-debuginfo-1.16.3-150200.4.6.2 libgstvideo-1_0-0-1.16.3-150200.4.6.2 libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.6.2

References:
    https://www.suse.com/security/cve/CVE-2021-3522.html
    https://bugzilla.suse.com/1185448

From sle-updates at lists.suse.com Tue Nov 8 14:46:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:46:29 +0100 (CET)
Subject: SUSE-SU-2022:3906-1: moderate: Security update for gstreamer-0_10-plugins-good
Message-ID: <20221108144629.19932FDD7@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-0_10-plugins-good
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3906-1
Rating: moderate
References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708
Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122
CVSS scores:
    CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
    CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
    CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Affected Products:
    SUSE Linux Enterprise Desktop 12-SP5
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for gstreamer-0_10-plugins-good fixes the following issues:

- CVE-2022-1920: Fixed an integer overflow while parsing matroska files (bsc#1201688).
- CVE-2022-1921: Fixed an integer overflow while parsing avi files (bsc#1201693).
- CVE-2022-1922: Fixed an integer overflow during mkv demuxing using zlib decompression (bsc#1201702).
- CVE-2022-1923: Fixed an integer overflow during mkv demuxing using bzip decompression (bsc#1201704).
- CVE-2022-1924: Fixed an integer overflow during mkv demuxing using lzo decompression (bsc#1201706).
- CVE-2022-1925: Fixed an integer overflow during mkv demuxing using HEADERSTRIP decompression (bsc#1201707).
- CVE-2022-2122: Fixed an integer overflow in qtdemux using zlib decompression (bsc#1201708).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3906=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gstreamer-0_10-plugins-good-0.10.31-17.7.1 gstreamer-0_10-plugins-good-debuginfo-0.10.31-17.7.1 gstreamer-0_10-plugins-good-debugsource-0.10.31-17.7.1
- SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): gstreamer-0_10-plugins-good-lang-0.10.31-17.7.1

References:
    https://www.suse.com/security/cve/CVE-2022-1920.html
    https://www.suse.com/security/cve/CVE-2022-1921.html
    https://www.suse.com/security/cve/CVE-2022-1922.html
    https://www.suse.com/security/cve/CVE-2022-1923.html
    https://www.suse.com/security/cve/CVE-2022-1924.html
    https://www.suse.com/security/cve/CVE-2022-1925.html
    https://www.suse.com/security/cve/CVE-2022-2122.html
    https://bugzilla.suse.com/1201688
    https://bugzilla.suse.com/1201693
    https://bugzilla.suse.com/1201702
    https://bugzilla.suse.com/1201704
    https://bugzilla.suse.com/1201706
    https://bugzilla.suse.com/1201707
    https://bugzilla.suse.com/1201708

From sle-updates at lists.suse.com Tue Nov 8 14:47:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:47:41 +0100 (CET)
Subject: SUSE-RU-2022:3902-1: moderate: Recommended update for openssl-1_1
Message-ID: <20221108144741.1B61AFDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3902-1
Rating: moderate
References: #1180995
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3902=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3902=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.72.1 openssl-1_1-debuginfo-1.1.1d-2.72.1 openssl-1_1-debugsource-1.1.1d-2.72.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.72.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.72.1 libopenssl1_1-debuginfo-1.1.1d-2.72.1 libopenssl1_1-hmac-1.1.1d-2.72.1 openssl-1_1-1.1.1d-2.72.1 openssl-1_1-debuginfo-1.1.1d-2.72.1 openssl-1_1-debugsource-1.1.1d-2.72.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.72.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.72.1 libopenssl1_1-hmac-32bit-1.1.1d-2.72.1

References:
    https://bugzilla.suse.com/1180995

From sle-updates at lists.suse.com Tue Nov 8 14:48:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:48:33 +0100 (CET)
Subject: SUSE-RU-2022:3903-1: moderate: Recommended update for openssl-1_0_0
Message-ID: <20221108144833.E711FFDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-1_0_0
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3903-1
Rating: moderate
References: #1180995
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openssl-1_0_0 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3903=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3903=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.59.1 openssl-1_0_0-debuginfo-1.0.2p-3.59.1 openssl-1_0_0-debugsource-1.0.2p-3.59.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.59.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.59.1 libopenssl1_0_0-1.0.2p-3.59.1 libopenssl1_0_0-debuginfo-1.0.2p-3.59.1 libopenssl1_0_0-hmac-1.0.2p-3.59.1 openssl-1_0_0-1.0.2p-3.59.1 openssl-1_0_0-debuginfo-1.0.2p-3.59.1 openssl-1_0_0-debugsource-1.0.2p-3.59.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.59.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.59.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.59.1
- SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.59.1

References:
    https://bugzilla.suse.com/1180995

From sle-updates at lists.suse.com Tue Nov 8 14:49:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 15:49:45 +0100 (CET)
Subject: SUSE-RU-2022:3904-1: moderate: Recommended update for openssh
Message-ID: <20221108144945.3BAA0FDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssh
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3904-1
Rating: moderate
References: #1192439
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3904=1
- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3904=1
- openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3904=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3904=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3904=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3904=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3904=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3904=1
- SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3904=1
- SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3904=1
- SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3904=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-askpass-gnome-8.4p1-150300.3.12.1 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.12.1 openssh-askpass-gnome-debugsource-8.4p1-150300.3.12.1 openssh-cavs-8.4p1-150300.3.12.2 openssh-cavs-debuginfo-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2
openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-helpers-8.4p1-150300.3.12.2 openssh-helpers-debuginfo-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-askpass-gnome-8.4p1-150300.3.12.1 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.12.1 openssh-askpass-gnome-debugsource-8.4p1-150300.3.12.1 openssh-cavs-8.4p1-150300.3.12.2 openssh-cavs-debuginfo-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-helpers-8.4p1-150300.3.12.2 openssh-helpers-debuginfo-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-150300.3.12.1 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.12.1 openssh-askpass-gnome-debugsource-8.4p1-150300.3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-150300.3.12.1 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.12.1 openssh-askpass-gnome-debugsource-8.4p1-150300.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 
openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-helpers-8.4p1-150300.3.12.2 openssh-helpers-debuginfo-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-helpers-8.4p1-150300.3.12.2 openssh-helpers-debuginfo-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.12.2 openssh-clients-8.4p1-150300.3.12.2 openssh-clients-debuginfo-8.4p1-150300.3.12.2 
openssh-common-8.4p1-150300.3.12.2 openssh-common-debuginfo-8.4p1-150300.3.12.2 openssh-debuginfo-8.4p1-150300.3.12.2 openssh-debugsource-8.4p1-150300.3.12.2 openssh-fips-8.4p1-150300.3.12.2 openssh-server-8.4p1-150300.3.12.2 openssh-server-debuginfo-8.4p1-150300.3.12.2

References:
    https://bugzilla.suse.com/1192439

From sle-updates at lists.suse.com Tue Nov 8 17:24:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Nov 2022 18:24:54 +0100 (CET)
Subject: SUSE-RU-2022:3910-1: moderate: Recommended update for pam
Message-ID: <20221108172454.9DC3DFDD7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pam
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3910-1
Rating: moderate
References: PED-1712
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3910=1
- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3910=1
- openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3910=1
- SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3910=1
- SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3910=1
- SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3910=1
- SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3910=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3910=1
- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3910=1
- SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3910=1
- SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3910=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3910=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3910=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3910=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3910=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3910=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3910=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3910=1
- SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3910=1
- SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3910=1
- SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3910=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3910=1
- SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3910=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3910=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - openSUSE Leap 15.4 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - openSUSE Leap 15.4 (noarch): pam-doc-1.3.0-150000.6.61.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - openSUSE Leap 15.3 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - openSUSE Leap 15.3 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Manager Server 4.1 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Manager Server 4.1 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): pam-1.3.0-150000.6.61.1 pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 
pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Manager Retail Branch Server 4.1 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Manager Proxy 4.1 (x86_64): pam-1.3.0-150000.6.61.1 pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Manager Proxy 4.1 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): pam-1.3.0-150000.6.61.1 pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 
pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): pam-1.3.0-150000.6.61.1 pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 
pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 
pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): pam-1.3.0-150000.6.61.1 
pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 7 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 7 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): pam-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 6 (x86_64): pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 - SUSE Enterprise Storage 6 (noarch): pam-doc-1.3.0-150000.6.61.1 - SUSE CaaS Platform 4.0 (x86_64): pam-1.3.0-150000.6.61.1 pam-32bit-1.3.0-150000.6.61.1 pam-32bit-debuginfo-1.3.0-150000.6.61.1 pam-debuginfo-1.3.0-150000.6.61.1 pam-debugsource-1.3.0-150000.6.61.1 pam-devel-1.3.0-150000.6.61.1 pam-devel-32bit-1.3.0-150000.6.61.1 pam-extra-1.3.0-150000.6.61.1 pam-extra-32bit-1.3.0-150000.6.61.1 pam-extra-32bit-debuginfo-1.3.0-150000.6.61.1 pam-extra-debuginfo-1.3.0-150000.6.61.1 - SUSE CaaS Platform 4.0 (noarch): pam-doc-1.3.0-150000.6.61.1 References: From sle-updates at lists.suse.com Tue Nov 8 17:26:23 2022 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:26:23 +0100 (CET) Subject: SUSE-SU-2022:3911-1: moderate: Security update for gstreamer-plugins-base Message-ID: <20221108172623.72945FDD7@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3911-1 Rating: moderate References: #1185448 Cross-References: CVE-2021-3522 CVSS scores: CVE-2021-3522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3522 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed frame size check and potential invalid reads (bsc#1185448). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3911=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3911=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3911=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.6.1 gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.6.1 gstreamer-plugins-base-debugsource-1.8.3-13.6.1 libgstfft-1_0-0-32bit-1.8.3-13.6.1 libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.6.1 typelib-1_0-GstAudio-1_0-1.8.3-13.6.1 typelib-1_0-GstPbutils-1_0-1.8.3-13.6.1 typelib-1_0-GstTag-1_0-1.8.3-13.6.1 typelib-1_0-GstVideo-1_0-1.8.3-13.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.8.3-13.6.1 gstreamer-plugins-base-debugsource-1.8.3-13.6.1 gstreamer-plugins-base-devel-1.8.3-13.6.1 typelib-1_0-GstAllocators-1_0-1.8.3-13.6.1 typelib-1_0-GstApp-1_0-1.8.3-13.6.1 typelib-1_0-GstAudio-1_0-1.8.3-13.6.1 typelib-1_0-GstFft-1_0-1.8.3-13.6.1 typelib-1_0-GstPbutils-1_0-1.8.3-13.6.1 typelib-1_0-GstRtp-1_0-1.8.3-13.6.1 typelib-1_0-GstRtsp-1_0-1.8.3-13.6.1 typelib-1_0-GstSdp-1_0-1.8.3-13.6.1 typelib-1_0-GstTag-1_0-1.8.3-13.6.1 typelib-1_0-GstVideo-1_0-1.8.3-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-1.8.3-13.6.1 gstreamer-plugins-base-debuginfo-1.8.3-13.6.1 gstreamer-plugins-base-debugsource-1.8.3-13.6.1 libgstallocators-1_0-0-1.8.3-13.6.1 libgstallocators-1_0-0-debuginfo-1.8.3-13.6.1 libgstapp-1_0-0-1.8.3-13.6.1 libgstapp-1_0-0-debuginfo-1.8.3-13.6.1 libgstaudio-1_0-0-1.8.3-13.6.1 libgstaudio-1_0-0-debuginfo-1.8.3-13.6.1 libgstfft-1_0-0-1.8.3-13.6.1 libgstfft-1_0-0-debuginfo-1.8.3-13.6.1 libgstpbutils-1_0-0-1.8.3-13.6.1 libgstpbutils-1_0-0-debuginfo-1.8.3-13.6.1 
libgstriff-1_0-0-1.8.3-13.6.1 libgstriff-1_0-0-debuginfo-1.8.3-13.6.1 libgstrtp-1_0-0-1.8.3-13.6.1 libgstrtp-1_0-0-debuginfo-1.8.3-13.6.1 libgstrtsp-1_0-0-1.8.3-13.6.1 libgstrtsp-1_0-0-debuginfo-1.8.3-13.6.1 libgstsdp-1_0-0-1.8.3-13.6.1 libgstsdp-1_0-0-debuginfo-1.8.3-13.6.1 libgsttag-1_0-0-1.8.3-13.6.1 libgsttag-1_0-0-debuginfo-1.8.3-13.6.1 libgstvideo-1_0-0-1.8.3-13.6.1 libgstvideo-1_0-0-debuginfo-1.8.3-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.6.1 libgstapp-1_0-0-32bit-1.8.3-13.6.1 libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.6.1 libgstaudio-1_0-0-32bit-1.8.3-13.6.1 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.6.1 libgstpbutils-1_0-0-32bit-1.8.3-13.6.1 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.6.1 libgsttag-1_0-0-32bit-1.8.3-13.6.1 libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.6.1 libgstvideo-1_0-0-32bit-1.8.3-13.6.1 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gstreamer-plugins-base-lang-1.8.3-13.6.1 References: https://www.suse.com/security/cve/CVE-2021-3522.html https://bugzilla.suse.com/1185448 From sle-updates at lists.suse.com Tue Nov 8 17:27:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:27:28 +0100 (CET) Subject: SUSE-SU-2022:3913-1: moderate: Security update for vsftpd Message-ID: <20221108172728.400E1FDD7@maintenance.suse.de> SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3913-1 Rating: moderate References: #1196918 SLE-24275 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux 
Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3913=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3913=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3913=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3913=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3913=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3913=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3913=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3913=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3913=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3913=1 - SUSE 
Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3913=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Manager Proxy 4.1 (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): vsftpd-3.0.5-150200.12.12.1 vsftpd-debuginfo-3.0.5-150200.12.12.1 vsftpd-debugsource-3.0.5-150200.12.12.1 References: https://bugzilla.suse.com/1196918 From sle-updates at 
lists.suse.com Tue Nov 8 17:28:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:28:30 +0100 (CET) Subject: SUSE-RU-2022:3909-1: moderate: Recommended update for crmsh Message-ID: <20221108172830.5FA4AFDD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3909-1 Rating: moderate References: #1196726 #1202465 #1202655 #1204670 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Update to version 4.4.0+20221028.3e41444: * Packaging: create /var/log/crmsh with tmpfiles.d * Fix: log: ownership and mode of log files should be set in RotatingFileHandler * Fix: crmsh not working when using ACL * fix: log: fail to open log file even if user is in haclient group (bsc#1204670) * Dev: bootstrap: Show remote node name when stopping service remotely * Dev: parallax: Add LogLevel=error ssh option to filter out warnings (bsc#1196726) * Revert "Only raise exception when return code of systemctl ssh command is larger than 4 (bsc#1196726)" (bsc#1202655) * configure: refresh cib before showing or modifying if no pending changes has been made (bsc#1202465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3909=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3909=1 Package List: - openSUSE Leap 15.4 (noarch): crmsh-4.4.0+20221028.3e41444-150400.3.9.1 crmsh-scripts-4.4.0+20221028.3e41444-150400.3.9.1 crmsh-test-4.4.0+20221028.3e41444-150400.3.9.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): crmsh-4.4.0+20221028.3e41444-150400.3.9.1 crmsh-scripts-4.4.0+20221028.3e41444-150400.3.9.1 References: https://bugzilla.suse.com/1196726 https://bugzilla.suse.com/1202465 https://bugzilla.suse.com/1202655 https://bugzilla.suse.com/1204670 From sle-updates at lists.suse.com Tue Nov 8 17:30:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:30:10 +0100 (CET) Subject: SUSE-SU-2022:3912-1: important: Security update for expat Message-ID: <20221108173010.4ABC5FDD7@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3912-1 Rating: important References: #1204708 Cross-References: CVE-2022-43680 CVSS scores: CVE-2022-43680 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43680 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE 
Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3912=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3912=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3912=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3912=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3912=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3912=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3912=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3912=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3912=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3912=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3912=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3912=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3912=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3912=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3912=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3912=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3912=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - openSUSE Leap 15.3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat-devel-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Server 4.1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 
expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Manager Proxy 4.1 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 
15-SP2-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): 
expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 
libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 7 (x86_64): 
expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): expat-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 - SUSE Enterprise Storage 6 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 - SUSE CaaS Platform 4.0 (x86_64): expat-2.2.5-150000.3.25.1 expat-32bit-debuginfo-2.2.5-150000.3.25.1 expat-debuginfo-2.2.5-150000.3.25.1 expat-debugsource-2.2.5-150000.3.25.1 libexpat-devel-2.2.5-150000.3.25.1 libexpat1-2.2.5-150000.3.25.1 libexpat1-32bit-2.2.5-150000.3.25.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.25.1 libexpat1-debuginfo-2.2.5-150000.3.25.1 References: https://www.suse.com/security/cve/CVE-2022-43680.html https://bugzilla.suse.com/1204708 From sle-updates at lists.suse.com Tue Nov 8 17:31:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:31:41 +0100 (CET) Subject: SUSE-SU-2022:3915-1: moderate: Security update for vsftpd Message-ID: <20221108173141.6C4D4FDD7@maintenance.suse.de> SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3915-1 Rating: moderate References: #1196918 SLE-24275 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be 
installed. Description: This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3915=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3915=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150400.3.6.1 vsftpd-debuginfo-3.0.5-150400.3.6.1 vsftpd-debugsource-3.0.5-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150400.3.6.1 vsftpd-debuginfo-3.0.5-150400.3.6.1 vsftpd-debugsource-3.0.5-150400.3.6.1 References: https://bugzilla.suse.com/1196918 From sle-updates at lists.suse.com Tue Nov 8 17:32:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:32:30 +0100 (CET) Subject: SUSE-SU-2022:3916-1: moderate: Security update for gstreamer-0_10-plugins-base Message-ID: <20221108173230.62FC6FDD7@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3916-1 Rating: moderate References: #1185448 Cross-References: CVE-2021-3522 CVSS scores: CVE-2021-3522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3522 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following issues: - CVE-2021-3522: Fixed frame size check and potential invalid reads (bsc#1185448). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3916=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3916=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gstreamer-0_10-plugins-base-0.10.36-18.6.1 gstreamer-0_10-plugins-base-32bit-0.10.36-18.6.1 gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.6.1 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-18.6.1 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.6.1 libgstapp-0_10-0-0.10.36-18.6.1 libgstapp-0_10-0-32bit-0.10.36-18.6.1 libgstapp-0_10-0-debuginfo-0.10.36-18.6.1 libgstapp-0_10-0-debuginfo-32bit-0.10.36-18.6.1 libgstinterfaces-0_10-0-0.10.36-18.6.1 libgstinterfaces-0_10-0-32bit-0.10.36-18.6.1 libgstinterfaces-0_10-0-debuginfo-0.10.36-18.6.1 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-18.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-18.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.36-18.6.1 gstreamer-0_10-plugins-base-debugsource-0.10.36-18.6.1 gstreamer-0_10-plugins-base-devel-0.10.36-18.6.1 typelib-1_0-GstApp-0_10-0.10.36-18.6.1 typelib-1_0-GstInterfaces-0_10-0.10.36-18.6.1 References: https://www.suse.com/security/cve/CVE-2021-3522.html https://bugzilla.suse.com/1185448 From sle-updates at lists.suse.com Tue Nov 8 
17:33:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 18:33:30 +0100 (CET) Subject: SUSE-SU-2022:3914-1: moderate: Security update for vsftpd Message-ID: <20221108173330.3D613FDD7@maintenance.suse.de> SUSE Security Update: Security update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3914-1 Rating: moderate References: #1196918 SLE-24275 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3914=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3914=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3914=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3914=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3914=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3914=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3914=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3914=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3914=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3914=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 - SUSE CaaS Platform 4.0 (x86_64): vsftpd-3.0.5-150000.7.22.1 vsftpd-debuginfo-3.0.5-150000.7.22.1 vsftpd-debugsource-3.0.5-150000.7.22.1 References: https://bugzilla.suse.com/1196918 From sle-updates at lists.suse.com Tue Nov 8 20:21:25 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 21:21:25 +0100 (CET) Subject: SUSE-RU-2022:3917-1: moderate: Recommended update for python-azure-agent Message-ID: <20221108202125.159D9FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3917-1 Rating: moderate References: #1203164 #1203181 PED-1298 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. 
Description: This update for python-azure-agent fixes the following issues: - Properly set OS.EnableRDMA flag (bsc#1203181) - Update to version 2.8.0.11 (bsc#1203164) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3917=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3917=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3917=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3917=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3917=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3917=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-3917=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3917=1 Package List: - openSUSE Leap Micro 5.2 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 - openSUSE Leap 15.4 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 python-azure-agent-test-2.8.0.11-150100.3.26.1 - openSUSE Leap 15.3 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 python-azure-agent-test-2.8.0.11-150100.3.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.8.0.11-150100.3.26.1 - SUSE Linux Enterprise Micro 5.2 (noarch): 
python-azure-agent-2.8.0.11-150100.3.26.1 References: https://bugzilla.suse.com/1203164 https://bugzilla.suse.com/1203181 From sle-updates at lists.suse.com Tue Nov 8 20:22:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 21:22:20 +0100 (CET) Subject: SUSE-RU-2022:3918-1: moderate: Recommended update for python-azure-agent Message-ID: <20221108202220.25922FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3918-1 Rating: moderate References: #1203164 #1203181 PED-1298 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for python-azure-agent fixes the following issues: - Properly set OS.EnableRDMA flag (bsc#1203181) - Update to version 2.8.0.11 (bsc#1203164) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-3918=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.8.0.11-34.41.1 References: https://bugzilla.suse.com/1203164 https://bugzilla.suse.com/1203181 From sle-updates at lists.suse.com Tue Nov 8 20:23:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 21:23:01 +0100 (CET) Subject: SUSE-SU-2022:3920-1: important: Security update for containerized data importer Message-ID: <20221108202301.C3AE7FDD6@maintenance.suse.de> SUSE Security Update: Security update for containerized data importer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3920-1 Rating: important References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of containerized data importer images rebases the containers against the current base images to resolve security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3920=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3920=1 Package List: - openSUSE Leap 15.3 (x86_64): containerized-data-importer-api-1.43.2-150300.8.11.1 containerized-data-importer-api-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-cloner-1.43.2-150300.8.11.1 containerized-data-importer-cloner-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-controller-1.43.2-150300.8.11.1 containerized-data-importer-controller-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-importer-1.43.2-150300.8.11.1 containerized-data-importer-importer-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-manifests-1.43.2-150300.8.11.1 containerized-data-importer-operator-1.43.2-150300.8.11.1 containerized-data-importer-operator-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-uploadproxy-1.43.2-150300.8.11.1 containerized-data-importer-uploadproxy-debuginfo-1.43.2-150300.8.11.1 containerized-data-importer-uploadserver-1.43.2-150300.8.11.1 containerized-data-importer-uploadserver-debuginfo-1.43.2-150300.8.11.1 obs-service-cdi_containers_meta-1.43.2-150300.8.11.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): containerized-data-importer-manifests-1.43.2-150300.8.11.1 References: From sle-updates at lists.suse.com Tue Nov 8 20:23:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Nov 2022 21:23:33 +0100 (CET) Subject: SUSE-SU-2022:3919-1: important: Security update for kubevirt Message-ID: <20221108202333.DE87EFDD6@maintenance.suse.de> SUSE Security Update: Security update for kubevirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3919-1 Rating: important References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High 
Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update rebuilds the kubevirt stack to include recent security updates in its base containers. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3919=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3919=1 Package List: - openSUSE Leap 15.3 (x86_64): kubevirt-container-disk-0.49.0-150300.8.15.1 kubevirt-container-disk-debuginfo-0.49.0-150300.8.15.1 kubevirt-manifests-0.49.0-150300.8.15.1 kubevirt-tests-0.49.0-150300.8.15.1 kubevirt-tests-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-api-0.49.0-150300.8.15.1 kubevirt-virt-api-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-controller-0.49.0-150300.8.15.1 kubevirt-virt-controller-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-handler-0.49.0-150300.8.15.1 kubevirt-virt-handler-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-launcher-0.49.0-150300.8.15.1 kubevirt-virt-launcher-debuginfo-0.49.0-150300.8.15.1 kubevirt-virt-operator-0.49.0-150300.8.15.1 kubevirt-virt-operator-debuginfo-0.49.0-150300.8.15.1 kubevirt-virtctl-0.49.0-150300.8.15.1 kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1 obs-service-kubevirt_containers_meta-0.49.0-150300.8.15.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): kubevirt-manifests-0.49.0-150300.8.15.1 kubevirt-virtctl-0.49.0-150300.8.15.1 
kubevirt-virtctl-debuginfo-0.49.0-150300.8.15.1 References: From sle-updates at lists.suse.com Wed Nov 9 08:26:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 09:26:47 +0100 (CET) Subject: SUSE-CU-2022:2872-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221109082647.1C71DFDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2872-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.28 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.28 Severity : important Type : security References : 1204708 CVE-2022-43680 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.12.1 updated From sle-updates at lists.suse.com Wed Nov 9 08:39:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 09:39:51 +0100 (CET) Subject: SUSE-CU-2022:2873-1: Recommended update of suse/sles12sp4 Message-ID: <20221109083951.99366FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2873-1 Container Tags : suse/sles12sp4:26.528 , suse/sles12sp4:latest Container Release : 26.528 Severity : moderate Type : recommended References : 1180995 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3903-1 Released: Tue Nov 8 10:51:02 2022 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_0_0 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) The following package changes have been done: - base-container-licenses-3.0-1.325 updated - container-suseconnect-2.0.0-1.210 updated - libopenssl1_0_0-1.0.2p-3.59.1 updated - openssl-1_0_0-1.0.2p-3.59.1 updated From sle-updates at lists.suse.com Wed Nov 9 08:49:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 09:49:57 +0100 (CET) Subject: SUSE-CU-2022:2874-1: Recommended update of suse/sles12sp5 Message-ID: <20221109084957.A5317FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2874-1 Container Tags : suse/sles12sp5:6.5.398 , suse/sles12sp5:latest 
Container Release : 6.5.398 Severity : moderate Type : recommended References : 1180995 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3903-1 Released: Tue Nov 8 10:51:02 2022 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_0_0 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.59.1 updated - openssl-1_0_0-1.0.2p-3.59.1 updated From sle-updates at lists.suse.com Wed Nov 9 09:16:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 10:16:33 +0100 (CET) Subject: SUSE-CU-2022:2875-1: Recommended update of suse/sle15 Message-ID: <20221109091633.F38A8FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2875-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.637 Container Release : 4.22.637 Severity : important Type : recommended References : 1196840 1199492 1199918 1199926 1199927 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - pam-1.3.0-150000.6.61.1 updated From sle-updates at lists.suse.com Wed Nov 9 09:38:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 10:38:34 +0100 (CET) Subject: SUSE-CU-2022:2876-1: Recommended update of suse/sle15 Message-ID: <20221109093834.32E71FDD6@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2876-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.701 Container Release : 6.2.701 Severity : important Type : recommended References : 1196840 1199492 1199918 1199926 1199927 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - pam-1.3.0-150000.6.61.1 updated From sle-updates at lists.suse.com Wed Nov 9 09:54:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 10:54:37 +0100 (CET) Subject: SUSE-CU-2022:2877-1: Recommended update of suse/sle15 Message-ID: <20221109095437.B7630FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2877-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.222 Container Release : 9.5.222 Severity : important Type : recommended References : 1180995 1196840 1199492 1199918 1199926 1199927 1203046 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1196840,1199492,1199918,1199926,1199927 This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated

From sle-updates at lists.suse.com Wed Nov 9 10:01:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:01:38 +0100 (CET)
Subject: SUSE-CU-2022:2878-1: Security update of bci/bci-init
Message-ID: <20221109100138.2DB7EFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2878-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.37
Container Release : 21.37
Severity : important
Type : security
References : 1180995 1203046 1204708 CVE-2022-43680
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

The following package changes have been done:

- libexpat1-2.2.5-150000.3.25.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-17.20.64 updated

From sle-updates at lists.suse.com Wed Nov 9 10:12:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:12:10 +0100 (CET)
Subject: SUSE-CU-2022:2880-1: Security update of bci/nodejs
Message-ID: <20221109101210.5F5D0FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2880-1
Container Tags : bci/node:12 , bci/node:12-17.45 , bci/nodejs:12 , bci/nodejs:12-17.45
Container Release : 17.45
Severity : important
Type : security
References : 1180995 1192439 1203046 1204708 CVE-2022-43680
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
The following package changes have been done:

- libexpat1-2.2.5-150000.3.25.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-17.20.64 updated

From sle-updates at lists.suse.com Wed Nov 9 10:20:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:20:02 +0100 (CET)
Subject: SUSE-CU-2022:2881-1: Security update of bci/python
Message-ID: <20221109102002.62B3CFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2881-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.20
Container Release : 20.20
Severity : important
Type : security
References : 1180995 1192439 1203046 1204708 CVE-2022-43680
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
The following package changes have been done:

- libexpat1-2.2.5-150000.3.25.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-17.20.64 updated

From sle-updates at lists.suse.com Wed Nov 9 10:30:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:30:57 +0100 (CET)
Subject: SUSE-CU-2022:2882-1: Recommended update of suse/sle15
Message-ID: <20221109103057.39DADFDD6@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2882-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.64 , suse/sle15:15.3 , suse/sle15:15.3.17.20.64
Container Release : 17.20.64
Severity : moderate
Type : recommended
References : 1180995 1203046
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated

From sle-updates at lists.suse.com Wed Nov 9 10:32:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:32:34 +0100 (CET)
Subject: SUSE-CU-2022:2883-1: Recommended update of suse/389-ds
Message-ID: <20221109103234.1120DFDD6@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2883-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.32 , suse/389-ds:latest
Container Release : 17.32
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:34:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:34:16 +0100 (CET)
Subject: SUSE-CU-2022:2884-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221109103416.8A994FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2884-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.20 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.20
Container Release : 42.20
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:35:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:35:51 +0100 (CET)
Subject: SUSE-CU-2022:2885-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221109103551.77096FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2885-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.35 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.35
Container Release : 27.35
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:39:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:39:28 +0100 (CET)
Subject: SUSE-CU-2022:2887-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221109103928.CDC72FDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2887-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.35 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.35
Container Release : 35.35
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:41:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:41:37 +0100 (CET)
Subject: SUSE-CU-2022:2888-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221109104137.21E2BFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2888-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.35 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.35
Container Release : 24.35
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:43:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:43:30 +0100 (CET)
Subject: SUSE-CU-2022:2889-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221109104330.DBB83FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2889-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.19 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.19
Container Release : 48.19
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:45:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:45:23 +0100 (CET)
Subject: SUSE-CU-2022:2890-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221109104523.52AEBFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2890-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.35 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.35
Container Release : 34.35
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:47:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:47:00 +0100 (CET)
Subject: SUSE-CU-2022:2891-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221109104700.4E6A1FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2891-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.35 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.35
Container Release : 21.35
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:49:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:49:38 +0100 (CET)
Subject: SUSE-CU-2022:2892-1: Recommended update of bci/golang
Message-ID: <20221109104938.36F08FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2892-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.75
Container Release : 30.75
Severity : moderate
Type : recommended
References : 1192439
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 10:51:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 11:51:45 +0100 (CET)
Subject: SUSE-CU-2022:2893-1: Recommended update of bci/golang
Message-ID: <20221109105145.7AB15FDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2893-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-18.21
Container Release : 18.21
Severity : moderate
Type : recommended
References : 1192439
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712)

The following package changes have been done:

- pam-1.3.0-150000.6.61.1 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- container:sles15-image-15.0.0-27.14.10 updated

From sle-updates at lists.suse.com Wed Nov 9 11:22:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 12:22:22 +0100 (CET)
Subject: SUSE-SU-2022:3922-1: important: Security update for protobuf
Message-ID: <20221109112222.A0E9DFDD6@maintenance.suse.de>

SUSE Security Update: Security update for protobuf
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3922-1
Rating: important
References: #1194530 #1203681 #1204256
Cross-References: CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
CVSS scores:
    CVE-2021-22569 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-22569 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2022-1941 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-1941 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3171 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3171 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP2
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Installer 15-SP2
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
    SUSE Linux Enterprise Module for Public Cloud 15-SP2
    SUSE Linux Enterprise Module for Public Cloud 15-SP3
    SUSE Linux Enterprise Module for Public Cloud 15-SP4
    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3922=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3922=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3922=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3922=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3922=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3922=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3922=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3922=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3922=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3922=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3922=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3922=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3922=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3922=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3922=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3922=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3922=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3922=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3922=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3922=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3922=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2022-3922=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3922=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3922=1
- SUSE Linux Enterprise Installer 15-SP2:
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-3922=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3922=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3922=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-3922=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    libprotobuf-lite20-3.9.2-150200.4.19.2
    libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
    protobuf-debugsource-3.9.2-150200.4.19.2
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libprotobuf-lite20-3.9.2-150200.4.19.2
    libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-3.9.2-150200.4.19.2
    libprotobuf20-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-3.9.2-150200.4.19.2
    libprotoc20-debuginfo-3.9.2-150200.4.19.2
    protobuf-debugsource-3.9.2-150200.4.19.2
    protobuf-devel-3.9.2-150200.4.19.2
    protobuf-devel-debuginfo-3.9.2-150200.4.19.2
    protobuf-java-3.9.2-150200.4.19.2
    python3-protobuf-3.9.2-150200.4.19.2
- openSUSE Leap 15.4 (noarch):
    protobuf-source-3.9.2-150200.4.19.2
- openSUSE Leap 15.4 (x86_64):
    libprotobuf-lite20-32bit-3.9.2-150200.4.19.2
    libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-32bit-3.9.2-150200.4.19.2
    libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-32bit-3.9.2-150200.4.19.2
    libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    libprotobuf-lite20-3.9.2-150200.4.19.2
    libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-3.9.2-150200.4.19.2
    libprotobuf20-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-3.9.2-150200.4.19.2
    libprotoc20-debuginfo-3.9.2-150200.4.19.2
    protobuf-debugsource-3.9.2-150200.4.19.2
    protobuf-devel-3.9.2-150200.4.19.2
    protobuf-devel-debuginfo-3.9.2-150200.4.19.2
    protobuf-java-3.9.2-150200.4.19.2
    python2-protobuf-3.9.2-150200.4.19.2
    python3-protobuf-3.9.2-150200.4.19.2
- openSUSE Leap 15.3 (x86_64):
    libprotobuf-lite20-32bit-3.9.2-150200.4.19.2
    libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-32bit-3.9.2-150200.4.19.2
    libprotobuf20-32bit-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-32bit-3.9.2-150200.4.19.2
    libprotoc20-32bit-debuginfo-3.9.2-150200.4.19.2
- openSUSE Leap 15.3 (noarch):
    protobuf-source-3.9.2-150200.4.19.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    libprotobuf-lite20-3.9.2-150200.4.19.2
    libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-3.9.2-150200.4.19.2
    libprotobuf20-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-3.9.2-150200.4.19.2
    libprotoc20-debuginfo-3.9.2-150200.4.19.2
    protobuf-debugsource-3.9.2-150200.4.19.2
    protobuf-devel-3.9.2-150200.4.19.2
    protobuf-devel-debuginfo-3.9.2-150200.4.19.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    libprotobuf-lite20-3.9.2-150200.4.19.2
    libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2
    libprotobuf20-3.9.2-150200.4.19.2
    libprotobuf20-debuginfo-3.9.2-150200.4.19.2
    libprotoc20-3.9.2-150200.4.19.2
    libprotoc20-debuginfo-3.9.2-150200.4.19.2
    protobuf-debugsource-3.9.2-150200.4.19.2
    protobuf-devel-3.9.2-150200.4.19.2
    protobuf-devel-debuginfo-3.9.2-150200.4.19.2
- SUSE Manager Proxy 4.1 (x86_64):
libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module 
for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-java-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python2-protobuf-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): protobuf-debugsource-3.9.2-150200.4.19.2 python2-protobuf-3.9.2-150200.4.19.2 python3-protobuf-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Module 
for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libprotobuf-lite20-3.9.2-150200.4.19.2 libprotobuf-lite20-debuginfo-3.9.2-150200.4.19.2 libprotobuf20-3.9.2-150200.4.19.2 libprotobuf20-debuginfo-3.9.2-150200.4.19.2 libprotoc20-3.9.2-150200.4.19.2 libprotoc20-debuginfo-3.9.2-150200.4.19.2 
protobuf-debugsource-3.9.2-150200.4.19.2 protobuf-devel-3.9.2-150200.4.19.2 protobuf-devel-debuginfo-3.9.2-150200.4.19.2 References: https://www.suse.com/security/cve/CVE-2021-22569.html https://www.suse.com/security/cve/CVE-2022-1941.html https://www.suse.com/security/cve/CVE-2022-3171.html https://bugzilla.suse.com/1194530 https://bugzilla.suse.com/1203681 https://bugzilla.suse.com/1204256 From sle-updates at lists.suse.com Wed Nov 9 11:24:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 12:24:20 +0100 (CET) Subject: SUSE-RU-2022:3921-1: critical: Recommended update for SUSE Manager 4.3.2 Message-ID: <20221109112420.140C8FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3921-1 Rating: critical References: #1203478 #1204050 #1204948 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSE Manager 4.3.2 fixes the following issues: cobbler: - Update v2 to v3 migration script to allow migration of collections that contain settings from Cobbler 2 (bsc#1203478) proxy-httpd-image: - Remove chmod and chown of /srv/www/htdocs/pub as this folder does not exist proxy-squid-image: - Update the squid.pid path to /run/squid.squid.pid (bsc#1204948) spacewalk-java: - Version 4.3.40-1 * Fix number of handlers for deleted files managed by taskomatic growing continuously (bsc#1204050) spacewalk-setup: - Version 4.3.13-1 * Execute migration of Cobbler version 2 collections (bsc#1203478) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3921=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): cobbler-3.3.3-150400.5.10.8 spacewalk-java-4.3.40-150400.3.14.7 spacewalk-java-config-4.3.40-150400.3.14.7 spacewalk-java-lib-4.3.40-150400.3.14.7 spacewalk-java-postgresql-4.3.40-150400.3.14.7 spacewalk-setup-4.3.13-150400.3.11.8 spacewalk-taskomatic-4.3.40-150400.3.14.7 References: https://bugzilla.suse.com/1203478 https://bugzilla.suse.com/1204050 https://bugzilla.suse.com/1204948 From sle-updates at lists.suse.com Wed Nov 9 17:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 18:22:28 +0100 (CET) Subject: SUSE-SU-2022:3924-1: important: Security update for python3 Message-ID: <20221109172228.E2341FDD6@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3924-1 Rating: important References: #1203125 #1204577 Cross-References: CVE-2020-10735 CVE-2022-37454 CVSS scores: CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux 
Enterprise Micro 5.1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3924=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3924=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3924=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3924=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3924=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3924=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3924=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3924=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3924=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3924=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3924=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3924=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3924=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3924=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3924=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Manager Proxy 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 
python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 
python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Server 15-LTSS 
(aarch64 s390x): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 
x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 
python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 
python3-tools-3.6.15-150000.3.116.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 - SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-150000.3.116.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.116.1 python3-3.6.15-150000.3.116.1 python3-base-3.6.15-150000.3.116.1 python3-base-debuginfo-3.6.15-150000.3.116.1 python3-core-debugsource-3.6.15-150000.3.116.1 python3-curses-3.6.15-150000.3.116.1 python3-curses-debuginfo-3.6.15-150000.3.116.1 
python3-dbm-3.6.15-150000.3.116.1 python3-dbm-debuginfo-3.6.15-150000.3.116.1 python3-debuginfo-3.6.15-150000.3.116.1 python3-debugsource-3.6.15-150000.3.116.1 python3-devel-3.6.15-150000.3.116.1 python3-devel-debuginfo-3.6.15-150000.3.116.1 python3-idle-3.6.15-150000.3.116.1 python3-testsuite-3.6.15-150000.3.116.1 python3-tk-3.6.15-150000.3.116.1 python3-tk-debuginfo-3.6.15-150000.3.116.1 python3-tools-3.6.15-150000.3.116.1 References: https://www.suse.com/security/cve/CVE-2020-10735.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1203125 https://bugzilla.suse.com/1204577 From sle-updates at lists.suse.com Wed Nov 9 17:23:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Nov 2022 18:23:46 +0100 (CET) Subject: SUSE-RU-2022:3926-1: moderate: Recommended update for docker Message-ID: <20221109172346.1B251FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3926-1 Rating: moderate References: #1200022 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

   This update for docker fixes the following issues:

   - Fix a crash-on-start issue with dockerd (bsc#1200022)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2022-3926=1

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
      docker-20.10.17_ce-98.86.1
      docker-debuginfo-20.10.17_ce-98.86.1

References:

   https://bugzilla.suse.com/1200022

From sle-updates at lists.suse.com Wed Nov 9 17:24:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 18:24:33 +0100 (CET)
Subject: SUSE-RU-2022:3923-1: moderate: Recommended update for net-snmp
Message-ID: <20221109172433.4B0BFFDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for net-snmp
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3923-1
Rating: moderate
References: #1187784 #1203572 SLE-18105
Affected Products:
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that has two recommended fixes and contains one feature can now be installed.

Description:

   This update for net-snmp fixes the following issues:

   - build with a symbol versioned openssl 1.0.2, to allow parallel operation with openssl 1.1.1. (bsc#1187784 jsc#SLE-18105)
   - removed libopenssl-devel requirement in the -devel package (bsc#1203572)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3923=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3923=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3923=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3923=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3923=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3923=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libsnmp30-32bit-5.7.3-11.3.1
      libsnmp30-5.7.3-11.3.1
      libsnmp30-debuginfo-32bit-5.7.3-11.3.1
      libsnmp30-debuginfo-5.7.3-11.3.1
      net-snmp-5.7.3-11.3.1
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      perl-SNMP-5.7.3-11.3.1
      perl-SNMP-debuginfo-5.7.3-11.3.1
      snmp-mibs-5.7.3-11.3.1
   - SUSE OpenStack Cloud 9 (x86_64):
      libsnmp30-32bit-5.7.3-11.3.1
      libsnmp30-5.7.3-11.3.1
      libsnmp30-debuginfo-32bit-5.7.3-11.3.1
      libsnmp30-debuginfo-5.7.3-11.3.1
      net-snmp-5.7.3-11.3.1
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      perl-SNMP-5.7.3-11.3.1
      perl-SNMP-debuginfo-5.7.3-11.3.1
      snmp-mibs-5.7.3-11.3.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      net-snmp-devel-5.7.3-11.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libsnmp30-5.7.3-11.3.1
      libsnmp30-debuginfo-5.7.3-11.3.1
      net-snmp-5.7.3-11.3.1
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      perl-SNMP-5.7.3-11.3.1
      perl-SNMP-debuginfo-5.7.3-11.3.1
      snmp-mibs-5.7.3-11.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      libsnmp30-32bit-5.7.3-11.3.1
      libsnmp30-debuginfo-32bit-5.7.3-11.3.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libsnmp30-5.7.3-11.3.1
      libsnmp30-debuginfo-5.7.3-11.3.1
      net-snmp-5.7.3-11.3.1
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      perl-SNMP-5.7.3-11.3.1
      perl-SNMP-debuginfo-5.7.3-11.3.1
      snmp-mibs-5.7.3-11.3.1
   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      libsnmp30-32bit-5.7.3-11.3.1
      libsnmp30-debuginfo-32bit-5.7.3-11.3.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      libsnmp30-5.7.3-11.3.1
      libsnmp30-debuginfo-5.7.3-11.3.1
      net-snmp-5.7.3-11.3.1
      net-snmp-debuginfo-5.7.3-11.3.1
      net-snmp-debugsource-5.7.3-11.3.1
      perl-SNMP-5.7.3-11.3.1
      perl-SNMP-debuginfo-5.7.3-11.3.1
      snmp-mibs-5.7.3-11.3.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      libsnmp30-32bit-5.7.3-11.3.1
      libsnmp30-debuginfo-32bit-5.7.3-11.3.1

References:

   https://bugzilla.suse.com/1187784
   https://bugzilla.suse.com/1203572

From sle-updates at lists.suse.com Wed Nov 9 17:26:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 18:26:14 +0100 (CET)
Subject: SUSE-RU-2022:3927-1: moderate: Recommended update for runc
Message-ID: <20221109172614.6063CFDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for runc
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3927-1
Rating: moderate
References: #1202021 #1202821
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Containers 15-SP3
   SUSE Linux Enterprise Module for Containers 15-SP4
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for runc fixes the following issues:

   - Update to runc v1.1.4 (bsc#1202021)
   - Fix failed exec after systemctl daemon-reload (bsc#1202821)
   - Fix mounting via wrong proc
   - Fix "permission denied" error from runc run on noexec filesystem

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3927=1
   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3927=1
   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3927=1
   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3927=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3927=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3927=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3927=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3927=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3927=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3927=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3927=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3927=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3927=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3927=1
   - SUSE Linux Enterprise Module for Containers 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3927=1
   - SUSE Linux Enterprise Module for Containers 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3927=1
   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3927=1
   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3927=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3927=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3927=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3927=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3927=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3927=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3927=1
   - SUSE Enterprise Storage 7.1:
      zypper in -t patch SUSE-Storage-7.1-2022-3927=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-3927=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-3927=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Manager Proxy 4.1 (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1
   - SUSE CaaS Platform 4.0 (x86_64):
      runc-1.1.4-150000.36.1
      runc-debuginfo-1.1.4-150000.36.1

References:

   https://bugzilla.suse.com/1202021
   https://bugzilla.suse.com/1202821

From sle-updates at lists.suse.com Wed Nov 9 17:27:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Nov 2022 18:27:47 +0100 (CET)
Subject: SUSE-SU-2022:3925-1: important: Security update for xen
Message-ID: <20221109172747.DFEC3FDD6@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3925-1
Rating: important
References: #1185104 #1193923 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496
Cross-References: CVE-2021-28689
   CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310
   CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314
   CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318
   CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322
   CVE-2022-42323 CVE-2022-42325 CVE-2022-42326
CVSS scores:
   CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
   CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
   CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
   CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
   - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
   - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
   - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
   - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
   - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
   - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
   - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
   - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
   - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
   - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
   - xen: Frontends vulnerable to backends (bsc#1193923)

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3925=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3925=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3925=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      xen-4.10.4_40-150000.3.84.1
      xen-debugsource-4.10.4_40-150000.3.84.1
      xen-devel-4.10.4_40-150000.3.84.1
      xen-libs-4.10.4_40-150000.3.84.1
      xen-libs-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-4.10.4_40-150000.3.84.1
      xen-tools-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-domU-4.10.4_40-150000.3.84.1
      xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      xen-4.10.4_40-150000.3.84.1
      xen-debugsource-4.10.4_40-150000.3.84.1
      xen-devel-4.10.4_40-150000.3.84.1
      xen-libs-4.10.4_40-150000.3.84.1
      xen-libs-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-4.10.4_40-150000.3.84.1
      xen-tools-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-domU-4.10.4_40-150000.3.84.1
      xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      xen-4.10.4_40-150000.3.84.1
      xen-debugsource-4.10.4_40-150000.3.84.1
      xen-devel-4.10.4_40-150000.3.84.1
      xen-libs-4.10.4_40-150000.3.84.1
      xen-libs-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-4.10.4_40-150000.3.84.1
      xen-tools-debuginfo-4.10.4_40-150000.3.84.1
      xen-tools-domU-4.10.4_40-150000.3.84.1
      xen-tools-domU-debuginfo-4.10.4_40-150000.3.84.1

References:

   https://www.suse.com/security/cve/CVE-2021-28689.html
   https://www.suse.com/security/cve/CVE-2022-33746.html
   https://www.suse.com/security/cve/CVE-2022-33748.html
   https://www.suse.com/security/cve/CVE-2022-42309.html
   https://www.suse.com/security/cve/CVE-2022-42310.html
   https://www.suse.com/security/cve/CVE-2022-42311.html
   https://www.suse.com/security/cve/CVE-2022-42312.html
   https://www.suse.com/security/cve/CVE-2022-42313.html
   https://www.suse.com/security/cve/CVE-2022-42314.html
   https://www.suse.com/security/cve/CVE-2022-42315.html
   https://www.suse.com/security/cve/CVE-2022-42316.html
   https://www.suse.com/security/cve/CVE-2022-42317.html
   https://www.suse.com/security/cve/CVE-2022-42318.html
   https://www.suse.com/security/cve/CVE-2022-42319.html
   https://www.suse.com/security/cve/CVE-2022-42320.html
   https://www.suse.com/security/cve/CVE-2022-42321.html
   https://www.suse.com/security/cve/CVE-2022-42322.html
   https://www.suse.com/security/cve/CVE-2022-42323.html
   https://www.suse.com/security/cve/CVE-2022-42325.html
   https://www.suse.com/security/cve/CVE-2022-42326.html
   https://bugzilla.suse.com/1185104
   https://bugzilla.suse.com/1193923
   https://bugzilla.suse.com/1203806
   https://bugzilla.suse.com/1203807
   https://bugzilla.suse.com/1204482
   https://bugzilla.suse.com/1204485
   https://bugzilla.suse.com/1204487
   https://bugzilla.suse.com/1204488
   https://bugzilla.suse.com/1204489
   https://bugzilla.suse.com/1204490
   https://bugzilla.suse.com/1204494
   https://bugzilla.suse.com/1204496

From sle-updates at lists.suse.com Thu Nov 10 08:44:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 09:44:31 +0100 (CET)
Subject: SUSE-CU-2022:2895-1: Security update of suse/sle15
Message-ID: <20221110084431.4CB2CFDB8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2895-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.223
Container Release : 9.5.223
Severity : important
Type : security
References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

   - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
   - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
   - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

The following package changes have been done:

   - libprotobuf-lite20-3.9.2-150200.4.19.2 updated

From sle-updates at lists.suse.com Thu Nov 10 08:52:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 09:52:57 +0100 (CET)
Subject: SUSE-CU-2022:2896-1: Security update of bci/bci-init
Message-ID: <20221110085257.32E33FDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2896-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.39
Container Release : 21.39
Severity : important
Type : security
References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

   - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
   - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
   - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

The following package changes have been done:

   - libprotobuf-lite20-3.9.2-150200.4.19.2 updated
   - container:sles15-image-15.0.0-17.20.65 updated

From sle-updates at lists.suse.com Thu Nov 10 09:00:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:00:35 +0100 (CET)
Subject: SUSE-CU-2022:2897-1: Security update of bci/nodejs
Message-ID: <20221110090035.9BB69FDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2897-1
Container Tags : bci/node:12 , bci/node:12-17.48 , bci/nodejs:12 , bci/nodejs:12-17.48
Container Release : 17.48
Severity : important
Type : security
References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

   - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
   - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
   - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

The following package changes have been done:

   - libprotobuf-lite20-3.9.2-150200.4.19.2 updated
   - container:sles15-image-15.0.0-17.20.65 updated

From sle-updates at lists.suse.com Thu Nov 10 09:08:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:08:37 +0100 (CET)
Subject: SUSE-CU-2022:2898-1: Security update of bci/python
Message-ID: <20221110090837.989DBFDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2898-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.23
Container Release : 20.23
Severity : important
Type : security
References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

   - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
   - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
   - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

The following package changes have been done:

   - libprotobuf-lite20-3.9.2-150200.4.19.2 updated
   - container:sles15-image-15.0.0-17.20.65 updated

From sle-updates at lists.suse.com Thu Nov 10 09:20:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:20:26 +0100 (CET)
Subject: SUSE-CU-2022:2899-1: Security update of suse/sle15
Message-ID: <20221110092026.E6225FDB8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2899-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.65 , suse/sle15:15.3 , suse/sle15:15.3.17.20.65
Container Release : 17.20.65
Severity : important
Type : security
References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

   - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
   - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
   - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

The following package changes have been done:

   - libprotobuf-lite20-3.9.2-150200.4.19.2 updated

From sle-updates at lists.suse.com Thu Nov 10 09:29:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:29:36 +0100 (CET)
Subject: SUSE-CU-2022:2904-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221110092936.16B55FDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2904-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.20 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.20
Container Release : 47.20
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

   - Update pam_motd to the most current version.
     (PED-1712)

The following package changes have been done:

   - pam-1.3.0-150000.6.61.1 updated
   - container:sles15-image-15.0.0-27.14.11 updated

From sle-updates at lists.suse.com Thu Nov 10 09:45:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:45:10 +0100 (CET)
Subject: SUSE-CU-2022:2911-1: Recommended update of bci/golang
Message-ID: <20221110094510.4C39EFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2911-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.76
Container Release : 29.76
Severity : moderate
Type : recommended
References : 1192439
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

   - Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

   - Update pam_motd to the most current version.
     (PED-1712)

The following package changes have been done:

   - pam-1.3.0-150000.6.61.1 updated
   - openssh-common-8.4p1-150300.3.12.2 updated
   - openssh-fips-8.4p1-150300.3.12.2 updated
   - openssh-clients-8.4p1-150300.3.12.2 updated
   - container:sles15-image-15.0.0-27.14.11 updated

From sle-updates at lists.suse.com Thu Nov 10 09:47:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 10:47:25 +0100 (CET)
Subject: SUSE-CU-2022:2893-1: Recommended update of bci/golang
Message-ID: <20221110094725.5608EFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2893-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-18.21
Container Release : 18.21
Severity : moderate
Type : recommended
References : 1192439
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

   - Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

   - Update pam_motd to the most current version.
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 09:49:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:49:12 +0100 (CET) Subject: SUSE-CU-2022:2913-1: Recommended update of bci/bci-init Message-ID: <20221110094912.9577DFDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2913-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.22 , bci/bci-init:latest Container Release : 24.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 09:50:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:50:53 +0100 (CET) Subject: SUSE-CU-2022:2915-1: Recommended update of bci/nodejs Message-ID: <20221110095053.F12E8FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2915-1 Container Tags : bci/node:14 , bci/node:14-35.19 , bci/nodejs:14 , bci/nodejs:14-35.19 Container Release : 35.19 Severity : moderate Type : recommended References : 1192439 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 09:51:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:51:51 +0100 (CET) Subject: SUSE-CU-2022:2917-1: Recommended update of bci/nodejs Message-ID: <20221110095151.9BB6BFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2917-1 Container Tags : bci/node:16 , bci/node:16-11.19 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.19 , bci/nodejs:latest Container Release : 11.19 Severity : moderate Type : recommended References : 1192439 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 09:54:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:54:48 +0100 (CET) Subject: SUSE-CU-2022:2919-1: Security update of bci/openjdk-devel Message-ID: <20221110095448.1B3BCFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2919-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.43 , bci/openjdk-devel:latest Container Release : 36.43 Severity : important Type : security References : 1190651 1191546 1192439 1198980 1201298 1202148 1202870 1204708 1204729 CVE-2022-43680 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
(PED-1712) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - pam-1.3.0-150000.6.61.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:bci-openjdk-11-15.4-32.20 updated From sle-updates at lists.suse.com Thu Nov 10 09:57:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:57:08 +0100 (CET) Subject: SUSE-CU-2022:2921-1: Recommended update of suse/pcp Message-ID: <20221110095708.74731FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2921-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.54 , suse/pcp:latest Container Release : 11.54 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:bci-bci-init-15.4-15.4-24.22 updated From sle-updates at lists.suse.com Thu Nov 10 09:58:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 10:58:32 +0100 (CET) Subject: SUSE-CU-2022:2923-1: Recommended update of bci/python Message-ID: <20221110095832.DA498FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2923-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.19 , bci/python:latest Container Release : 7.19 Severity : moderate Type : recommended References : 1192439 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:00:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:00:06 +0100 (CET) Subject: SUSE-CU-2022:2925-1: Recommended update of bci/python Message-ID: <20221110100006.491D4FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2925-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.19 Container Release : 30.19 Severity : moderate Type : recommended References : 1192439 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:03:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:03:01 +0100 (CET) Subject: SUSE-CU-2022:2927-1: Recommended update of bci/ruby Message-ID: <20221110100301.ACDB9FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2927-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.16 , bci/ruby:latest Container Release : 31.16 Severity : moderate Type : recommended References : 1192439 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:04:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:04:56 +0100 (CET) Subject: SUSE-CU-2022:2929-1: Recommended update of bci/rust Message-ID: <20221110100456.639CBFDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2929-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.84 Container Release : 9.84 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:06:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:06:39 +0100 (CET) Subject: SUSE-CU-2022:2931-1: Recommended update of bci/rust Message-ID: <20221110100639.DE6FEFDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2931-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.24 Container Release : 6.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:08:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:08:15 +0100 (CET) Subject: SUSE-CU-2022:2933-1: Recommended update of bci/rust Message-ID: <20221110100815.BA628FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2933-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-7.24 Container Release : 7.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:09:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:09:46 +0100 (CET) Subject: SUSE-CU-2022:2935-1: Recommended update of bci/rust Message-ID: <20221110100946.F21F3FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2935-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-3.23 , bci/rust:latest Container Release : 3.23 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 10:10:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 11:10:24 +0100 (CET) Subject: SUSE-CU-2022:2937-1: Recommended update of bci/rust Message-ID: <20221110101025.0085AFDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2937-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.16 , bci/rust:latest Container Release : 3.16 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Thu Nov 10 14:22:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 15:22:39 +0100 (CET) Subject: SUSE-SU-2022:3928-1: important: Security update for xen Message-ID: <20221110142239.05D55FDD6@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3928-1 Rating: important References: #1185104 #1193923 #1199966 #1200762 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVSS scores: CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). 
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings (bsc#1199966).
- CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data leaks (bsc#1200762).
- xen: Frontends vulnerable to backends (bsc#1193923).

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3928=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3928=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3928=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3928=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3928=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3928=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 
xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_30-150100.3.80.1 xen-debugsource-4.12.4_30-150100.3.80.1 xen-devel-4.12.4_30-150100.3.80.1 xen-libs-4.12.4_30-150100.3.80.1 xen-libs-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-4.12.4_30-150100.3.80.1 xen-tools-debuginfo-4.12.4_30-150100.3.80.1 xen-tools-domU-4.12.4_30-150100.3.80.1 xen-tools-domU-debuginfo-4.12.4_30-150100.3.80.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html 
https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1199966 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496 From sle-updates at lists.suse.com Thu Nov 10 14:25:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 15:25:06 +0100 (CET) Subject: SUSE-SU-2022:3929-1: important: Security update for the Linux Kernel Message-ID: <20221110142506.AC80EFDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3929-1
Rating: important
References: #1032323 #1065729 #1196018 #1198702 #1200465 #1200788 #1201725 #1202686 #1202700 #1203066 #1203098 #1203387 #1203391 #1203496 #1204053 #1204166 #1204168 #1204354 #1204355 #1204382 #1204402 #1204415 #1204417 #1204431 #1204439 #1204470 #1204479 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204653 #1204728 #1204753 #1204754 PED-1931 SLE-13847 SLE-24559 SLE-9246
Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-42703 CVE-2022-43750

CVSS scores:

  CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Realtime 15-SP3
  SUSE Linux Enterprise Real Time 15-SP3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves 25 vulnerabilities, contains four features and has 13 fixes is now available.

Description:

The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). 
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). 
- KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing 
check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. 
(git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). 
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). 
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). 
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). 
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). 
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). 
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). 
- struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). 
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). 
- xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3929=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-3929=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3929=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3929=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.109.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.109.1 dlm-kmp-rt-5.3.18-150300.109.1 dlm-kmp-rt-debuginfo-5.3.18-150300.109.1 gfs2-kmp-rt-5.3.18-150300.109.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 kernel-rt-devel-5.3.18-150300.109.1 kernel-rt-devel-debuginfo-5.3.18-150300.109.1 kernel-rt_debug-debuginfo-5.3.18-150300.109.1 kernel-rt_debug-debugsource-5.3.18-150300.109.1 kernel-rt_debug-devel-5.3.18-150300.109.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.109.1 
kernel-syms-rt-5.3.18-150300.109.1 ocfs2-kmp-rt-5.3.18-150300.109.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.109.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.109.1 kernel-source-rt-5.3.18-150300.109.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.109.1 kernel-rt-debuginfo-5.3.18-150300.109.1 kernel-rt-debugsource-5.3.18-150300.109.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1196018 
https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204382 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204754 From sle-updates at lists.suse.com Thu Nov 10 14:29:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 15:29:27 +0100 (CET) Subject: SUSE-SU-2022:3931-1: moderate: Security update for git Message-ID: <20221110142927.35D8CFDD6@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3931-1 Rating: moderate References: #1204455 #1204456 Cross-References: CVE-2022-39253 CVE-2022-39260 CVSS scores: CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-39260 (SUSE): 6.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3931=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3931=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3931=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3931=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3931=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3931=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-credential-gnome-keyring-2.35.3-150300.10.18.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.18.1 git-credential-libsecret-2.35.3-150300.10.18.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-p4-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-credential-gnome-keyring-2.35.3-150300.10.18.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.18.1 git-credential-libsecret-2.35.3-150300.10.18.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 
git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-p4-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - openSUSE Leap 15.3 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.18.1 git-arch-2.35.3-150300.10.18.1 git-cvs-2.35.3-150300.10.18.1 git-daemon-2.35.3-150300.10.18.1 git-daemon-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 git-email-2.35.3-150300.10.18.1 git-gui-2.35.3-150300.10.18.1 git-svn-2.35.3-150300.10.18.1 git-web-2.35.3-150300.10.18.1 gitk-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): git-doc-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.18.1 git-core-debuginfo-2.35.3-150300.10.18.1 
git-debuginfo-2.35.3-150300.10.18.1 git-debugsource-2.35.3-150300.10.18.1 perl-Git-2.35.3-150300.10.18.1 References: https://www.suse.com/security/cve/CVE-2022-39253.html https://www.suse.com/security/cve/CVE-2022-39260.html https://bugzilla.suse.com/1204455 https://bugzilla.suse.com/1204456 From sle-updates at lists.suse.com Thu Nov 10 14:30:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 15:30:30 +0100 (CET) Subject: SUSE-SU-2022:3930-1: important: Security update for the Linux Kernel Message-ID: <20221110143030.20B0EFDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3930-1 Rating: important References: #1065729 #1198702 #1200788 #1202686 #1202972 #1203387 #1204241 #1204354 #1204355 #1204402 #1204415 #1204431 #1204439 #1204479 #1204574 #1204635 #1204646 #1204647 #1204653 #1204755 #1204868 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-2964 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3646 CVE-2022-3649 CVE-2022-43750 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel RT was updated. The following security bugs were fixed: - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). 
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - amd-xgbe: Update DMA coherency values (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). 
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: improve locking of mac_filter_hash (git-fixes). - input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972) - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: dsa: mt7530: add the missing RxUnicast MIB counter (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: vxge: fix use-after-free in vxge_device_unregister (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). 
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - ppp: Fix generating ifname when empty IFLA_IFNAME is specified (git-fixes). - ppp: Fix generating ppp unit id when ifname is not specified (git-fixes). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - r8169: fix jumbo packet handling on RTL8168e (git-fixes). - revert "niu: fix missing checks of niu_pci_eeprom_read" (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: core: Fix RST error in hub.c (git-fixes). - usb: serial: ch341: add basis for quirk detection (git-fixes). - usb: serial: ch341: fix lockup of devices with limited prescaler (git-fixes). - usb: serial: ch341: fix lost character on LCR updates (git-fixes). - usb: serial: ch341: fix receiver regression (git-fixes). - usb: serial: ch341: reimplement line-speed handling (git-fixes). - usb: serial: cp210x: add Decagon UCA device id (git-fixes). - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - usb: serial: option: add Quectel EM060K modem (git-fixes). - usb: serial: option: add support for OPPO R11 diag port (git-fixes). 
- xfs: account finobt blocks properly in perag reservation (bsc#1203387). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: preserve default grace interval during quotacheck (bsc#1203387). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-3930=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.106.1 kernel-source-rt-4.12.14-10.106.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.106.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.106.1 dlm-kmp-rt-4.12.14-10.106.1 dlm-kmp-rt-debuginfo-4.12.14-10.106.1 gfs2-kmp-rt-4.12.14-10.106.1 gfs2-kmp-rt-debuginfo-4.12.14-10.106.1 kernel-rt-4.12.14-10.106.1 kernel-rt-base-4.12.14-10.106.1 kernel-rt-base-debuginfo-4.12.14-10.106.1 kernel-rt-debuginfo-4.12.14-10.106.1 kernel-rt-debugsource-4.12.14-10.106.1 kernel-rt-devel-4.12.14-10.106.1 kernel-rt-devel-debuginfo-4.12.14-10.106.1 kernel-rt_debug-4.12.14-10.106.1 kernel-rt_debug-debuginfo-4.12.14-10.106.1 kernel-rt_debug-debugsource-4.12.14-10.106.1 kernel-rt_debug-devel-4.12.14-10.106.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.106.1 kernel-syms-rt-4.12.14-10.106.1 ocfs2-kmp-rt-4.12.14-10.106.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.106.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html 
https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202972 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204755 https://bugzilla.suse.com/1204868 From sle-updates at lists.suse.com Thu Nov 10 14:33:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 15:33:03 +0100 (CET) Subject: SUSE-SU-2022:3932-1: moderate: Security update for python-rsa Message-ID: <20221110143303.58854FDD6@maintenance.suse.de> SUSE Security Update: Security update for python-rsa ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3932-1 Rating: moderate References: #1178676 Cross-References: CVE-2020-25658 CVSS scores: CVE-2020-25658 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25658 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE 
Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3932=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3932=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3932=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3932=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3932=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3932=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3932=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3932=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3932=1 Package List: - openSUSE Leap Micro 5.2 (noarch): python3-rsa-3.4.2-150000.3.7.1 - openSUSE Leap 15.4 (noarch): python3-rsa-3.4.2-150000.3.7.1 - openSUSE 
Leap 15.3 (noarch): python2-rsa-3.4.2-150000.3.7.1 python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Micro 5.3 (noarch): python3-rsa-3.4.2-150000.3.7.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-rsa-3.4.2-150000.3.7.1 References: https://www.suse.com/security/cve/CVE-2020-25658.html https://bugzilla.suse.com/1178676 From sle-updates at lists.suse.com Thu Nov 10 17:21:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:21:37 +0100 (CET) Subject: SUSE-SU-2022:3939-1: moderate: Security update for rpm Message-ID: <20221110172137.DD107FDD6@maintenance.suse.de> SUSE Security Update: Security update for rpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3939-1 Rating: moderate References: #1183543 #1183545 #1183632 #1183659 #1185299 #996280 Cross-References: CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVSS scores: CVE-2021-20266 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-20266 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-20271 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20271 (SUSE): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L CVE-2021-3421 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-3421 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 
______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for rpm fixes the following issues: - Fixed PGP parsing bugs (bsc#1185299). - Fixed various format handling bugs (bsc#996280). - CVE-2021-3421: Fixed vulnerability where unsigned headers could be injected into the rpm database (bsc#1183543). - CVE-2021-20271: Fixed vulnerability where a corrupted rpm could corrupt the rpm database (bsc#1183545). - CVE-2021-20266: Fixed missing bounds check in hdrblobInit (bsc#1183632). Bugfixes: - Fixed deadlock when multiple rpm processes tried to acquire the database lock (bsc#1183659). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3939=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3939=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): rpm-debuginfo-4.11.2-16.26.1 rpm-debugsource-4.11.2-16.26.1 rpm-devel-4.11.2-16.26.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python3-rpm-4.11.2-16.26.1 python3-rpm-debuginfo-4.11.2-16.26.1 python3-rpm-debugsource-4.11.2-16.26.1 rpm-4.11.2-16.26.1 rpm-build-4.11.2-16.26.1 rpm-build-debuginfo-4.11.2-16.26.1 rpm-debuginfo-4.11.2-16.26.1 rpm-debugsource-4.11.2-16.26.1 rpm-python-4.11.2-16.26.1 rpm-python-debuginfo-4.11.2-16.26.1 rpm-python-debugsource-4.11.2-16.26.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): rpm-32bit-4.11.2-16.26.1 rpm-debuginfo-32bit-4.11.2-16.26.1 References: https://www.suse.com/security/cve/CVE-2021-20266.html https://www.suse.com/security/cve/CVE-2021-20271.html 
https://www.suse.com/security/cve/CVE-2021-3421.html https://bugzilla.suse.com/1183543 https://bugzilla.suse.com/1183545 https://bugzilla.suse.com/1183632 https://bugzilla.suse.com/1183659 https://bugzilla.suse.com/1185299 https://bugzilla.suse.com/996280 From sle-updates at lists.suse.com Thu Nov 10 17:22:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:22:49 +0100 (CET) Subject: SUSE-SU-2022:3934-1: moderate: Security update for python3-lxml Message-ID: <20221110172249.1017CFDD6@maintenance.suse.de> SUSE Security Update: Security update for python3-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3934-1 Rating: moderate References: #1184177 Cross-References: CVE-2021-28957 CVSS scores: CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3-lxml fixes the following issues: - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes (bsc#1184177). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-3934=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python3-lxml-3.3.5-3.15.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-lxml-doc-3.3.5-3.15.1 References: https://www.suse.com/security/cve/CVE-2021-28957.html https://bugzilla.suse.com/1184177 From sle-updates at lists.suse.com Thu Nov 10 17:24:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:24:00 +0100 (CET) Subject: SUSE-SU-2022:3938-1: important: Security update for sudo Message-ID: <20221110172400.14FEFFDD6@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3938-1 Rating: important References: #1204986 Cross-References: CVE-2022-43995 CVSS scores: CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 
SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3938=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3938=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3938=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3938=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3938=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3938=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3938=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3938=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3938=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3938=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 
15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3938=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3938=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3938=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3938=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Manager Proxy 4.1 (x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 
sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 
sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 - SUSE CaaS Platform 4.0 (x86_64): sudo-1.8.27-150000.4.30.1 sudo-debuginfo-1.8.27-150000.4.30.1 sudo-debugsource-1.8.27-150000.4.30.1 sudo-devel-1.8.27-150000.4.30.1 References: https://www.suse.com/security/cve/CVE-2022-43995.html https://bugzilla.suse.com/1204986 From sle-updates at lists.suse.com Thu Nov 10 17:25:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:25:11 +0100 (CET) Subject: SUSE-SU-2022:3941-1: important: Security update for xwayland Message-ID: <20221110172511.602B1FDD6@maintenance.suse.de> SUSE Security Update: Security update for xwayland ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3941-1 Rating: important References: #1204412 #1204416 Cross-References: CVE-2022-3550 CVE-2022-3551 CVSS scores: CVE-2022-3550 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3550 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3551 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3551 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 
openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xwayland fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3941=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3941=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xwayland-21.1.4-150400.3.3.1 xwayland-debuginfo-21.1.4-150400.3.3.1 xwayland-debugsource-21.1.4-150400.3.3.1 xwayland-devel-21.1.4-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xwayland-21.1.4-150400.3.3.1 xwayland-debuginfo-21.1.4-150400.3.3.1 xwayland-debugsource-21.1.4-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-3550.html https://www.suse.com/security/cve/CVE-2022-3551.html https://bugzilla.suse.com/1204412 https://bugzilla.suse.com/1204416 From sle-updates at lists.suse.com Thu Nov 10 17:26:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:26:02 +0100 (CET) Subject: SUSE-SU-2022:3936-1: moderate: Security update for libarchive Message-ID: <20221110172602.2DA1DFDD6@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3936-1 Rating: moderate References: #1192426 #1192427 Cross-References: CVE-2021-31566 CVSS scores: CVE-2021-31566 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
CVE-2021-31566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3936=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3936=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3936=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.9.1 bsdtar-debuginfo-3.5.1-150400.3.9.1 libarchive-debugsource-3.5.1-150400.3.9.1 libarchive-devel-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 - openSUSE Leap 15.4 (x86_64): libarchive13-32bit-3.5.1-150400.3.9.1 libarchive13-32bit-debuginfo-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.9.1 bsdtar-debuginfo-3.5.1-150400.3.9.1 libarchive-debugsource-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.5.1-150400.3.9.1 libarchive-devel-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libarchive-debugsource-3.5.1-150400.3.9.1 libarchive13-3.5.1-150400.3.9.1 libarchive13-debuginfo-3.5.1-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2021-31566.html https://bugzilla.suse.com/1192426 https://bugzilla.suse.com/1192427 From sle-updates at lists.suse.com Thu Nov 10 17:26:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 18:26:54 +0100 (CET) Subject: SUSE-SU-2022:3937-1: moderate: Security update for python3-lxml Message-ID: <20221110172654.1C54CFDD6@maintenance.suse.de> SUSE Security Update: Security update for python3-lxml 
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3937-1
Rating: moderate
References: #1184177
Cross-References: CVE-2021-28957
CVSS scores:
  CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python3-lxml fixes the following issues:

- CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes (bsc#1184177).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3937=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  python3-lxml-3.6.1-3.6.1
  python3-lxml-debuginfo-3.6.1-3.6.1
  python3-lxml-debugsource-3.6.1-3.6.1

References:

https://www.suse.com/security/cve/CVE-2021-28957.html
https://bugzilla.suse.com/1184177

From sle-updates at lists.suse.com Thu Nov 10 17:27:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 18:27:40 +0100 (CET)
Subject: SUSE-SU-2022:3935-1: moderate: Security update for libarchive
Message-ID: <20221110172740.4DBB3FDD6@maintenance.suse.de>

SUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3935-1
Rating: moderate
References: #1192426 #1192427
Cross-References: CVE-2021-31566
CVSS scores:
  CVE-2021-31566 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-31566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed incorrect usage of file flags (bsc#1192426). - Fixed issues where postprocessing alters symlink targets instead of actual file (bsc#1192427). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3935=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3935=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3935=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.12.1 bsdtar-debuginfo-3.4.2-150200.4.12.1 libarchive-debugsource-3.4.2-150200.4.12.1 libarchive-devel-3.4.2-150200.4.12.1 libarchive13-3.4.2-150200.4.12.1 libarchive13-debuginfo-3.4.2-150200.4.12.1 - openSUSE Leap 15.3 (x86_64): libarchive13-32bit-3.4.2-150200.4.12.1 libarchive13-32bit-debuginfo-3.4.2-150200.4.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.12.1 bsdtar-debuginfo-3.4.2-150200.4.12.1 libarchive-debugsource-3.4.2-150200.4.12.1 - SUSE Linux Enterprise 
Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  libarchive-debugsource-3.4.2-150200.4.12.1
  libarchive-devel-3.4.2-150200.4.12.1
  libarchive13-3.4.2-150200.4.12.1
  libarchive13-debuginfo-3.4.2-150200.4.12.1

References:

https://www.suse.com/security/cve/CVE-2021-31566.html
https://bugzilla.suse.com/1192426
https://bugzilla.suse.com/1192427

From sle-updates at lists.suse.com Thu Nov 10 17:28:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Nov 2022 18:28:29 +0100 (CET)
Subject: SUSE-SU-2022:3940-1: important: Security update for python
Message-ID: <20221110172829.3650EFDD6@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3940-1
Rating: important
References: #1202624
Cross-References: CVE-2021-28861
CVSS scores:
  CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // BaseHTTPServer (bsc#1202624).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3940=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3940=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-doc-2.7.18-28.90.1 python-doc-pdf-2.7.18-28.90.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython2_7-1_0-2.7.18-28.90.1 libpython2_7-1_0-32bit-2.7.18-28.90.1 libpython2_7-1_0-debuginfo-2.7.18-28.90.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.90.1 python-2.7.18-28.90.1 python-32bit-2.7.18-28.90.1 python-base-2.7.18-28.90.1 python-base-32bit-2.7.18-28.90.1 python-base-debuginfo-2.7.18-28.90.1 python-base-debuginfo-32bit-2.7.18-28.90.1 python-base-debugsource-2.7.18-28.90.1 python-curses-2.7.18-28.90.1 python-curses-debuginfo-2.7.18-28.90.1 python-debuginfo-2.7.18-28.90.1 python-debuginfo-32bit-2.7.18-28.90.1 python-debugsource-2.7.18-28.90.1 python-demo-2.7.18-28.90.1 python-devel-2.7.18-28.90.1 python-gdbm-2.7.18-28.90.1 python-gdbm-debuginfo-2.7.18-28.90.1 python-idle-2.7.18-28.90.1 python-tk-2.7.18-28.90.1 python-tk-debuginfo-2.7.18-28.90.1 python-xml-2.7.18-28.90.1 python-xml-debuginfo-2.7.18-28.90.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.18-28.90.1 python-doc-pdf-2.7.18-28.90.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.18-28.90.1 libpython2_7-1_0-32bit-2.7.18-28.90.1 libpython2_7-1_0-debuginfo-2.7.18-28.90.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.90.1 python-2.7.18-28.90.1 python-32bit-2.7.18-28.90.1 python-base-2.7.18-28.90.1 python-base-32bit-2.7.18-28.90.1 python-base-debuginfo-2.7.18-28.90.1 python-base-debuginfo-32bit-2.7.18-28.90.1 python-base-debugsource-2.7.18-28.90.1 python-curses-2.7.18-28.90.1 python-curses-debuginfo-2.7.18-28.90.1 python-debuginfo-2.7.18-28.90.1 python-debuginfo-32bit-2.7.18-28.90.1 python-debugsource-2.7.18-28.90.1 
python-demo-2.7.18-28.90.1 python-gdbm-2.7.18-28.90.1 python-gdbm-debuginfo-2.7.18-28.90.1 python-idle-2.7.18-28.90.1 python-tk-2.7.18-28.90.1 python-tk-debuginfo-2.7.18-28.90.1 python-xml-2.7.18-28.90.1 python-xml-debuginfo-2.7.18-28.90.1 References: https://www.suse.com/security/cve/CVE-2021-28861.html https://bugzilla.suse.com/1202624 From sle-updates at lists.suse.com Thu Nov 10 20:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 21:20:43 +0100 (CET) Subject: SUSE-RU-2022:3945-1: critical: Recommended update for SUSE Manager 4.3.2 Message-ID: <20221110202043.DF503FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3945-1 Rating: critical References: #1204050 #1204948 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSE Manager 4.3.2 fixes the following issues: proxy-httpd-image: - Remove chmod and chown of /srv/www/htdocs/pub as this folder does not exist proxy-squid-image: - Update the squid.pid path to /run/squid.squid.pid (bsc#1204948) spacewalk-java: - Version 4.3.40-1 * Fix number of handlers for deleted files managed by taskomatic growing continuously (bsc#1204050) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3945=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): spacewalk-java-4.3.40-150400.3.18.2 spacewalk-java-config-4.3.40-150400.3.18.2 spacewalk-java-lib-4.3.40-150400.3.18.2 spacewalk-java-postgresql-4.3.40-150400.3.18.2 spacewalk-taskomatic-4.3.40-150400.3.18.2 References: https://bugzilla.suse.com/1204050 https://bugzilla.suse.com/1204948 From sle-updates at lists.suse.com Thu Nov 10 20:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 21:21:25 +0100 (CET) Subject: SUSE-SU-2022:3942-1: moderate: Security update for glibc Message-ID: <20221110202125.26BACFDD6@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3942-1 Rating: moderate References: #1193625 #1196852 Cross-References: CVE-2015-8985 CVSS scores: CVE-2015-8985 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2015-8985 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852) - Recognize ppc64p7 arch to build for power7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3942=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3942=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-114.22.1 glibc-debugsource-2.22-114.22.1 glibc-devel-static-2.22-114.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): glibc-info-2.22-114.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-2.22-114.22.1 glibc-debuginfo-2.22-114.22.1 glibc-debugsource-2.22-114.22.1 glibc-devel-2.22-114.22.1 glibc-devel-debuginfo-2.22-114.22.1 glibc-locale-2.22-114.22.1 glibc-locale-debuginfo-2.22-114.22.1 glibc-profile-2.22-114.22.1 nscd-2.22-114.22.1 nscd-debuginfo-2.22-114.22.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): glibc-32bit-2.22-114.22.1 glibc-debuginfo-32bit-2.22-114.22.1 glibc-devel-32bit-2.22-114.22.1 glibc-devel-debuginfo-32bit-2.22-114.22.1 glibc-locale-32bit-2.22-114.22.1 glibc-locale-debuginfo-32bit-2.22-114.22.1 glibc-profile-32bit-2.22-114.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glibc-html-2.22-114.22.1 glibc-i18ndata-2.22-114.22.1 glibc-info-2.22-114.22.1 References: https://www.suse.com/security/cve/CVE-2015-8985.html https://bugzilla.suse.com/1193625 https://bugzilla.suse.com/1196852 From sle-updates at lists.suse.com Thu Nov 10 20:22:10 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 21:22:10 +0100 (CET) Subject: SUSE-RU-2022:3943-1: moderate: Recommended update for ocfs2-tools Message-ID: <20221110202210.07DB8FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3943-1 Rating: moderate References: #1191084 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ocfs2-tools fixes the following issues: - ocfs2-tools: finish UsrMerge, install to /usr (bsc#1191084) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3943=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3943=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.7-150400.6.3.1 ocfs2-tools-debuginfo-1.8.7-150400.6.3.1 ocfs2-tools-debugsource-1.8.7-150400.6.3.1 ocfs2-tools-devel-1.8.7-150400.6.3.1 ocfs2-tools-devel-static-1.8.7-150400.6.3.1 ocfs2-tools-o2cb-1.8.7-150400.6.3.1 ocfs2-tools-o2cb-debuginfo-1.8.7-150400.6.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.7-150400.6.3.1 ocfs2-tools-debuginfo-1.8.7-150400.6.3.1 ocfs2-tools-debugsource-1.8.7-150400.6.3.1 ocfs2-tools-o2cb-1.8.7-150400.6.3.1 ocfs2-tools-o2cb-debuginfo-1.8.7-150400.6.3.1 References: https://bugzilla.suse.com/1191084 From sle-updates at lists.suse.com Thu Nov 10 20:22:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Nov 2022 21:22:44 +0100 (CET) Subject: SUSE-RU-2022:3944-1: moderate: Recommended update for runc Message-ID: <20221110202244.51D22FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for runc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3944-1 Rating: moderate References: #1202021 #1202821 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update 
that has two recommended fixes can now be installed. Description: This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix "permission denied" error from runc run on noexec filesystem Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-3944=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): runc-1.1.4-16.24.1 runc-debuginfo-1.1.4-16.24.1 References: https://bugzilla.suse.com/1202021 https://bugzilla.suse.com/1202821 From sle-updates at lists.suse.com Fri Nov 11 13:08:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:08:20 +0100 (CET) Subject: SUSE-CU-2022:2938-1: Security update of suse/sles12sp4 Message-ID: <20221111130820.524D7FDF3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2938-1 Container Tags : suse/sles12sp4:26.529 , suse/sles12sp4:latest Container Release : 26.529 Severity : moderate Type : security References : 1183543 1183545 1183632 1183659 1185299 1193625 1196852 996280 CVE-2015-8985 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3939-1 Released: Thu Nov 10 14:32:05 2022 Summary: Security update for rpm Type: security Severity: moderate References: 1183543,1183545,1183632,1183659,1185299,996280,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Fixed PGP parsing bugs (bsc#1185299). - Fixed various format handling bugs (bsc#996280). - CVE-2021-3421: Fixed vulnerability where unsigned headers could be injected into the rpm database (bsc#1183543). - CVE-2021-20271: Fixed vulnerability where a corrupted rpm could corrupt the rpm database (bsc#1183545). - CVE-2021-20266: Fixed missing bounds check in hdrblobInit (bsc#1183632). Bugfixes: - Fixed deadlock when multiple rpm processes tried to acquire the database lock (bsc#1183659). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3942-1 Released: Thu Nov 10 15:58:47 2022 Summary: Security update for glibc Type: security Severity: moderate References: 1193625,1196852,CVE-2015-8985 This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852) - Recognize ppc64p7 arch to build for power7 The following package changes have been done: - base-container-licenses-3.0-1.326 updated - container-suseconnect-2.0.0-1.211 updated - glibc-2.22-114.22.1 updated - rpm-4.11.2-16.26.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:17:58 +0100 (CET) Subject: SUSE-CU-2022:2939-1: Security update of bci/nodejs Message-ID: <20221111131758.50E74FDF3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2939-1 Container Tags : bci/node:12 , bci/node:12-17.49 , bci/nodejs:12 , bci/nodejs:12-17.49 Container Release : 17.49 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:26:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:26:32 +0100 (CET) Subject: SUSE-CU-2022:2940-1: Security update of bci/python Message-ID: <20221111132632.ECA1CFDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2940-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.24 Container Release : 20.24 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:29:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:29:43 +0100 (CET) Subject: SUSE-CU-2022:2941-1: Security update of bci/golang Message-ID: <20221111132943.2C768FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2941-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.77 Container Release : 30.77 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:32:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:32:53 +0100 (CET) Subject: SUSE-CU-2022:2942-1: Security update of bci/golang Message-ID: <20221111133253.417A3FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2942-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.77 Container Release : 29.77 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:35:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:35:31 +0100 (CET) Subject: SUSE-CU-2022:2943-1: Security update of bci/golang Message-ID: <20221111133531.8B52EFDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2943-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.23 Container Release : 18.23 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:37:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:37:25 +0100 (CET) Subject: SUSE-CU-2022:2944-1: Security update of bci/nodejs Message-ID: <20221111133725.F3C24FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2944-1 Container Tags : bci/node:14 , bci/node:14-35.21 , bci/nodejs:14 , bci/nodejs:14-35.21 Container Release : 35.21 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:38:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:38:43 +0100 (CET) Subject: SUSE-CU-2022:2945-1: Security update of bci/nodejs Message-ID: <20221111133843.3C63BFDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2945-1 Container Tags : bci/node:16 , bci/node:16-11.21 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.21 , bci/nodejs:latest Container Release : 11.21 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:42:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:42:17 +0100 (CET) Subject: SUSE-CU-2022:2946-1: Security update of bci/openjdk-devel Message-ID: <20221111134217.6FE65FDF3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2946-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.45 , bci/openjdk-devel:latest Container Release : 36.45 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:45:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:45:05 +0100 (CET) Subject: SUSE-CU-2022:2947-1: Security update of bci/openjdk Message-ID: <20221111134505.A8199FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2947-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.21 , bci/openjdk:latest Container Release : 32.21 Severity : important Type : security References : 1190651 1191546 1198980 1201298 1202148 1202870 1204708 1204729 CVE-2022-43680 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. 
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - pam-1.3.0-150000.6.61.1 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - container:sles15-image-15.0.0-27.14.11 updated From sle-updates at lists.suse.com Fri Nov 11 13:46:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:46:38 +0100 (CET) Subject: SUSE-CU-2022:2948-1: Security update of bci/python Message-ID: <20221111134638.7D327FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2948-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.21 , bci/python:latest Container Release : 7.21 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:48:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:48:26 +0100 (CET) Subject: SUSE-CU-2022:2949-1: Security update of bci/python Message-ID: <20221111134826.A3748FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2949-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.21 Container Release : 30.21 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:51:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:51:31 +0100 (CET) Subject: SUSE-CU-2022:2950-1: Security update of bci/ruby Message-ID: <20221111135131.840D4FDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2950-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.18 , bci/ruby:latest Container Release : 31.18 Severity : moderate Type : security References : 1204455 1204456 CVE-2022-39253 CVE-2022-39260 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). 
The following package changes have been done: - git-core-2.35.3-150300.10.18.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:52:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:52:06 +0100 (CET) Subject: SUSE-CU-2022:2937-1: Recommended update of bci/rust Message-ID: <20221111135206.559ABFDDE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2937-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.16 , bci/rust:latest Container Release : 3.16 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated - container:sles15-image-15.0.0-27.14.10 updated From sle-updates at lists.suse.com Fri Nov 11 13:54:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:54:00 +0100 (CET) Subject: SUSE-CU-2022:2953-1: Recommended update of suse/sle15 Message-ID: <20221111135400.C7932FDDE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2953-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.10 , suse/sle15:15.4 , suse/sle15:15.4.27.14.10 Container Release : 27.14.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) The following package changes have been done: - pam-1.3.0-150000.6.61.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:54:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:54:05 +0100 (CET) Subject: SUSE-CU-2022:2954-1: Security update of suse/sle15 Message-ID: <20221111135405.3C85CFDDE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2954-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.11 , suse/sle15:15.4 , suse/sle15:15.4.27.14.11 Container Release : 27.14.11 Severity : important Type : security References : 1194530 1203681 1204256 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) The following package changes have been done: - libprotobuf-lite20-3.9.2-150200.4.19.2 updated From sle-updates at lists.suse.com Fri Nov 11 13:54:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:54:38 +0100 (CET) Subject: SUSE-CU-2022:2955-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20221111135438.360CEFDDE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2955-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.8 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.10.8 Severity : important Type : security References : 1087072 1190651 1194047 1202148 1203911 1204111 1204112 1204113 1204383 1204386 1204708 CVE-2022-32221 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42916 CVE-2022-43680 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - curl-7.79.1-150400.5.9.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - dbus-1-1.12.2-150400.18.5.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:54:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:54:47 +0100 (CET) Subject: SUSE-CU-2022:2957-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20221111135447.C8769FDDE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2957-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.14.2 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.14.2 Severity : important Type : security References : 1194530 1203681 1204256 
CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) The following package changes have been done: - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - pam-1.3.0-150000.6.61.1 updated From sle-updates at lists.suse.com Fri Nov 11 13:55:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 14:55:08 +0100 (CET) Subject: SUSE-CU-2022:2959-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20221111135508.46378FDDE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2959-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.2 , suse/manager/4.3/proxy-squid:4.3.2.9.9.8 , suse/manager/4.3/proxy-squid:latest Container Release : 9.9.8 Severity : important Type : security 
References : 1190651 1194047 1202148 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911
This update for permissions fixes the following issues:
- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148
This update for openssl-1_1 fixes the following issues:
- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)
The following package changes have been done:
- libopenssl1_1-1.1.1l-150400.7.13.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated
- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated

From sle-updates at lists.suse.com Fri Nov 11 13:55:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022
14:55:18 +0100 (CET)
Subject: SUSE-CU-2022:2962-1: Recommended update of suse/manager/4.3/proxy-squid
Message-ID: <20221111135518.92F86FDDE@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2962-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.2 , suse/manager/4.3/proxy-squid:4.3.2.9.13.2 , suse/manager/4.3/proxy-squid:latest
Container Release : 9.13.2
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
The following package changes have been done:
- pam-1.3.0-150000.6.61.1 updated

From sle-updates at lists.suse.com Fri Nov 11 13:57:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 14:57:03 +0100 (CET)
Subject: SUSE-CU-2022:2963-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20221111135703.BDF1AFDD6@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2963-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.310 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.310
Severity : important
Type : security
References : 1196840 1199492 1199918 1199926 1199927 1204708 CVE-2022-43680
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927
This update for aaa_base and iputils fixes the following issues:
aaa_base:
- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)
iputils:
- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
The following package changes have been done:
- iputils-s20161105-150000.8.6.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated

From sle-updates at lists.suse.com Fri Nov 11 20:45:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:45:51 +0100 (CET)
Subject: SUSE-SU-2022:3954-1: moderate: Security update for python-numpy
Message-ID: <20221111204551.2ED25FDDE@maintenance.suse.de>

SUSE Security Update: Security update for python-numpy
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3954-1
Rating: moderate
References: #1053963 #1199500
Cross-References: CVE-2017-12852
CVSS scores:
  CVE-2017-12852 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2017-12852 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.

Description:
This update for python-numpy fixes the following issues:
- CVE-2017-12852: Fixed missing input validation leading to infinite loops (bsc#1053963).
Bugfixes:
- Use update-alternatives for /usr/bin/f2py (bsc#1199500).

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3954=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3954=1

Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    python-numpy-debuginfo-1.8.0-5.19.1
    python-numpy-debugsource-1.8.0-5.19.1
    python-numpy-devel-1.8.0-5.19.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    python-numpy-1.8.0-5.19.1
    python-numpy-debuginfo-1.8.0-5.19.1
    python-numpy-debugsource-1.8.0-5.19.1

References:
  https://www.suse.com/security/cve/CVE-2017-12852.html
  https://bugzilla.suse.com/1053963
  https://bugzilla.suse.com/1199500

From sle-updates at lists.suse.com Fri Nov 11 20:46:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:46:42 +0100 (CET)
Subject: SUSE-RU-2022:3958-1: moderate: Recommended update for mozilla-nss
Message-ID: <20221111204642.605B9FDDE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3958-1
Rating: moderate
References: #1191546 #1198980 #1201298 #1202870 #1204729
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.

Description:
This update for mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)
* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
- FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
- FIPS: Use libjitterentropy for entropy.
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3958=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3958=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2022-3958=1

Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79.2-150400.3.15.1
    libfreebl3-debuginfo-3.79.2-150400.3.15.1
    libfreebl3-hmac-3.79.2-150400.3.15.1
    libsoftokn3-3.79.2-150400.3.15.1
    libsoftokn3-debuginfo-3.79.2-150400.3.15.1
    libsoftokn3-hmac-3.79.2-150400.3.15.1
    mozilla-nss-3.79.2-150400.3.15.1
    mozilla-nss-certs-3.79.2-150400.3.15.1
    mozilla-nss-certs-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debugsource-3.79.2-150400.3.15.1
    mozilla-nss-devel-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-tools-3.79.2-150400.3.15.1
    mozilla-nss-tools-debuginfo-3.79.2-150400.3.15.1
- openSUSE Leap 15.4 (x86_64):
    libfreebl3-32bit-3.79.2-150400.3.15.1
    libfreebl3-32bit-debuginfo-3.79.2-150400.3.15.1
    libfreebl3-hmac-32bit-3.79.2-150400.3.15.1
    libsoftokn3-32bit-3.79.2-150400.3.15.1
    libsoftokn3-32bit-debuginfo-3.79.2-150400.3.15.1
    libsoftokn3-hmac-32bit-3.79.2-150400.3.15.1
    mozilla-nss-32bit-3.79.2-150400.3.15.1
    mozilla-nss-32bit-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-certs-32bit-3.79.2-150400.3.15.1
    mozilla-nss-certs-32bit-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-32bit-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-32bit-debuginfo-3.79.2-150400.3.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79.2-150400.3.15.1
    libfreebl3-debuginfo-3.79.2-150400.3.15.1
    libfreebl3-hmac-3.79.2-150400.3.15.1
    libsoftokn3-3.79.2-150400.3.15.1
    libsoftokn3-debuginfo-3.79.2-150400.3.15.1
    libsoftokn3-hmac-3.79.2-150400.3.15.1
    mozilla-nss-3.79.2-150400.3.15.1
    mozilla-nss-certs-3.79.2-150400.3.15.1
    mozilla-nss-certs-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debugsource-3.79.2-150400.3.15.1
    mozilla-nss-devel-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-3.79.2-150400.3.15.1
    mozilla-nss-sysinit-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-tools-3.79.2-150400.3.15.1
    mozilla-nss-tools-debuginfo-3.79.2-150400.3.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libfreebl3-32bit-3.79.2-150400.3.15.1
    libfreebl3-32bit-debuginfo-3.79.2-150400.3.15.1
    libfreebl3-hmac-32bit-3.79.2-150400.3.15.1
    libsoftokn3-32bit-3.79.2-150400.3.15.1
    libsoftokn3-32bit-debuginfo-3.79.2-150400.3.15.1
    libsoftokn3-hmac-32bit-3.79.2-150400.3.15.1
    mozilla-nss-32bit-3.79.2-150400.3.15.1
    mozilla-nss-32bit-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-certs-32bit-3.79.2-150400.3.15.1
    mozilla-nss-certs-32bit-debuginfo-3.79.2-150400.3.15.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    libfreebl3-3.79.2-150400.3.15.1
    libfreebl3-debuginfo-3.79.2-150400.3.15.1
    libfreebl3-hmac-3.79.2-150400.3.15.1
    libsoftokn3-3.79.2-150400.3.15.1
    libsoftokn3-debuginfo-3.79.2-150400.3.15.1
    libsoftokn3-hmac-3.79.2-150400.3.15.1
    mozilla-nss-3.79.2-150400.3.15.1
    mozilla-nss-certs-3.79.2-150400.3.15.1
    mozilla-nss-certs-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debuginfo-3.79.2-150400.3.15.1
    mozilla-nss-debugsource-3.79.2-150400.3.15.1
    mozilla-nss-tools-3.79.2-150400.3.15.1
    mozilla-nss-tools-debuginfo-3.79.2-150400.3.15.1

References:
  https://bugzilla.suse.com/1191546
  https://bugzilla.suse.com/1198980
  https://bugzilla.suse.com/1201298
  https://bugzilla.suse.com/1202870
  https://bugzilla.suse.com/1204729

From sle-updates at lists.suse.com Fri Nov 11 20:47:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:47:44 +0100 (CET)
Subject: SUSE-SU-2022:3952-1: moderate: Security update for xterm
Message-ID: <20221111204744.3DCFEFDDE@maintenance.suse.de>

SUSE Security Update: Security
update for xterm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3952-1
Rating: moderate
References: #1195387
Cross-References: CVE-2022-24130
CVSS scores:
  CVE-2022-24130 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2022-24130 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for xterm fixes the following issues:
- CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled. (bsc#1195387)

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3952=1

Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    xterm-308-5.6.1
    xterm-debuginfo-308-5.6.1
    xterm-debugsource-308-5.6.1

References:
  https://www.suse.com/security/cve/CVE-2022-24130.html
  https://bugzilla.suse.com/1195387

From sle-updates at lists.suse.com Fri Nov 11 20:48:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:48:26 +0100 (CET)
Subject: SUSE-SU-2022:3949-1: moderate: Security update for rustup
Message-ID: <20221111204826.80536FDDE@maintenance.suse.de>

SUSE Security Update: Security update for rustup
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3949-1
Rating: moderate
References: #1194119 #1196972
Cross-References: CVE-2021-45710 CVE-2022-24713
CVSS scores:
  CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  CVE-2022-24713
(NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.

Description:
This update for rustup fixes the following issues:
Updated to version 1.25.1~0:
- CVE-2022-24713: Fixed Regex denial of service (bsc#1196972).
- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3949=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3949=1

Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
    rustup-1.25.1~0-150300.7.13.2
    rustup-debuginfo-1.25.1~0-150300.7.13.2
    rustup-debugsource-1.25.1~0-150300.7.13.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
    rustup-1.25.1~0-150300.7.13.2
    rustup-debuginfo-1.25.1~0-150300.7.13.2
    rustup-debugsource-1.25.1~0-150300.7.13.2

References:
  https://www.suse.com/security/cve/CVE-2021-45710.html
  https://www.suse.com/security/cve/CVE-2022-24713.html
  https://bugzilla.suse.com/1194119
  https://bugzilla.suse.com/1196972

From sle-updates at lists.suse.com Fri Nov 11 20:49:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:49:55 +0100 (CET)
Subject: SUSE-SU-2022:3953-1: moderate: Security update for xterm
Message-ID: <20221111204955.52711FDD6@maintenance.suse.de>

SUSE Security Update: Security update for xterm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3953-1
Rating: moderate
References: #1195387
Cross-References: CVE-2022-24130
CVSS scores:
  CVE-2022-24130 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2022-24130 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP
Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for xterm fixes the following issues:
- CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387).

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3953=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3953=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3953=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3953=1

Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    xterm-330-150200.11.6.1
    xterm-bin-330-150200.11.6.1
    xterm-bin-debuginfo-330-150200.11.6.1
    xterm-debugsource-330-150200.11.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    xterm-330-150200.11.6.1
    xterm-bin-330-150200.11.6.1
    xterm-bin-debuginfo-330-150200.11.6.1
    xterm-debugsource-330-150200.11.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    xterm-330-150200.11.6.1
    xterm-bin-330-150200.11.6.1
    xterm-bin-debuginfo-330-150200.11.6.1
    xterm-debugsource-330-150200.11.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    xterm-330-150200.11.6.1
    xterm-bin-330-150200.11.6.1
    xterm-bin-debuginfo-330-150200.11.6.1
    xterm-debugsource-330-150200.11.6.1

References:
  https://www.suse.com/security/cve/CVE-2022-24130.html
  https://bugzilla.suse.com/1195387

From sle-updates at lists.suse.com Fri Nov 11 20:50:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:50:40 +0100 (CET)
Subject: SUSE-FU-2022:3948-1: important: Feature update for cni-plugin-dnsname
Message-ID: <20221111205040.BE9F0FDD6@maintenance.suse.de>

SUSE Feature Update: Feature update for cni-plugin-dnsname
______________________________________________________________________________
Announcement ID: SUSE-FU-2022:3948-1
Rating: important
References: SMO-129 SMO-63
Affected Products:
  SUSE Linux Enterprise Micro 5.2
  openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that has 0 feature fixes and contains two features can now be installed.

Description:
This update for cni-plugin-dnsname fixes the following issues:
- Provide package cni-plugin-dnsname to SUSE Linux Enterprise Micro 5.2 (jsc#SMO-129, jsc#SMO-63)

Patch Instructions:
To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3948=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3948=1

Package List:
- openSUSE Leap Micro 5.2 (aarch64 ppc64le s390x x86_64):
    cni-plugin-dnsname-1.3.1-150300.1.3.1
    cni-plugin-dnsname-debuginfo-1.3.1-150300.1.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    cni-plugin-dnsname-1.3.1-150300.1.3.1
    cni-plugin-dnsname-debuginfo-1.3.1-150300.1.3.1

References:

From sle-updates at lists.suse.com Fri Nov 11 20:51:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:51:19 +0100 (CET)
Subject: SUSE-SU-2022:3957-1: moderate: Security update for php72
Message-ID: <20221111205119.A2A0FFDD6@maintenance.suse.de>

SUSE Security Update: Security update for php72
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3957-1
Rating: moderate
References: #1203867 #1203870
Cross-References: CVE-2022-31628 CVE-2022-31629
CVSS scores:
  CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Web Scripting 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now
available.

Description:
This update for php72 fixes the following issues:
- CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867)
- CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the victim's browser. (bsc#1203870)

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3957=1
- SUSE Linux Enterprise Module for Web Scripting 12:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3957=1

Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    php72-debuginfo-7.2.5-1.84.1
    php72-debugsource-7.2.5-1.84.1
    php72-devel-7.2.5-1.84.1
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
    apache2-mod_php72-7.2.5-1.84.1
    apache2-mod_php72-debuginfo-7.2.5-1.84.1
    php72-7.2.5-1.84.1
    php72-bcmath-7.2.5-1.84.1
    php72-bcmath-debuginfo-7.2.5-1.84.1
    php72-bz2-7.2.5-1.84.1
    php72-bz2-debuginfo-7.2.5-1.84.1
    php72-calendar-7.2.5-1.84.1
    php72-calendar-debuginfo-7.2.5-1.84.1
    php72-ctype-7.2.5-1.84.1
    php72-ctype-debuginfo-7.2.5-1.84.1
    php72-curl-7.2.5-1.84.1
    php72-curl-debuginfo-7.2.5-1.84.1
    php72-dba-7.2.5-1.84.1
    php72-dba-debuginfo-7.2.5-1.84.1
    php72-debuginfo-7.2.5-1.84.1
    php72-debugsource-7.2.5-1.84.1
    php72-dom-7.2.5-1.84.1
    php72-dom-debuginfo-7.2.5-1.84.1
    php72-enchant-7.2.5-1.84.1
    php72-enchant-debuginfo-7.2.5-1.84.1
    php72-exif-7.2.5-1.84.1
    php72-exif-debuginfo-7.2.5-1.84.1
    php72-fastcgi-7.2.5-1.84.1
    php72-fastcgi-debuginfo-7.2.5-1.84.1
    php72-fileinfo-7.2.5-1.84.1
    php72-fileinfo-debuginfo-7.2.5-1.84.1
    php72-fpm-7.2.5-1.84.1
    php72-fpm-debuginfo-7.2.5-1.84.1
    php72-ftp-7.2.5-1.84.1
    php72-ftp-debuginfo-7.2.5-1.84.1
    php72-gd-7.2.5-1.84.1
    php72-gd-debuginfo-7.2.5-1.84.1
    php72-gettext-7.2.5-1.84.1
    php72-gettext-debuginfo-7.2.5-1.84.1
    php72-gmp-7.2.5-1.84.1
    php72-gmp-debuginfo-7.2.5-1.84.1
    php72-iconv-7.2.5-1.84.1
    php72-iconv-debuginfo-7.2.5-1.84.1
    php72-imap-7.2.5-1.84.1
    php72-imap-debuginfo-7.2.5-1.84.1
    php72-intl-7.2.5-1.84.1
    php72-intl-debuginfo-7.2.5-1.84.1
    php72-json-7.2.5-1.84.1
    php72-json-debuginfo-7.2.5-1.84.1
    php72-ldap-7.2.5-1.84.1
    php72-ldap-debuginfo-7.2.5-1.84.1
    php72-mbstring-7.2.5-1.84.1
    php72-mbstring-debuginfo-7.2.5-1.84.1
    php72-mysql-7.2.5-1.84.1
    php72-mysql-debuginfo-7.2.5-1.84.1
    php72-odbc-7.2.5-1.84.1
    php72-odbc-debuginfo-7.2.5-1.84.1
    php72-opcache-7.2.5-1.84.1
    php72-opcache-debuginfo-7.2.5-1.84.1
    php72-openssl-7.2.5-1.84.1
    php72-openssl-debuginfo-7.2.5-1.84.1
    php72-pcntl-7.2.5-1.84.1
    php72-pcntl-debuginfo-7.2.5-1.84.1
    php72-pdo-7.2.5-1.84.1
    php72-pdo-debuginfo-7.2.5-1.84.1
    php72-pgsql-7.2.5-1.84.1
    php72-pgsql-debuginfo-7.2.5-1.84.1
    php72-phar-7.2.5-1.84.1
    php72-phar-debuginfo-7.2.5-1.84.1
    php72-posix-7.2.5-1.84.1
    php72-posix-debuginfo-7.2.5-1.84.1
    php72-pspell-7.2.5-1.84.1
    php72-pspell-debuginfo-7.2.5-1.84.1
    php72-readline-7.2.5-1.84.1
    php72-readline-debuginfo-7.2.5-1.84.1
    php72-shmop-7.2.5-1.84.1
    php72-shmop-debuginfo-7.2.5-1.84.1
    php72-snmp-7.2.5-1.84.1
    php72-snmp-debuginfo-7.2.5-1.84.1
    php72-soap-7.2.5-1.84.1
    php72-soap-debuginfo-7.2.5-1.84.1
    php72-sockets-7.2.5-1.84.1
    php72-sockets-debuginfo-7.2.5-1.84.1
    php72-sodium-7.2.5-1.84.1
    php72-sodium-debuginfo-7.2.5-1.84.1
    php72-sqlite-7.2.5-1.84.1
    php72-sqlite-debuginfo-7.2.5-1.84.1
    php72-sysvmsg-7.2.5-1.84.1
    php72-sysvmsg-debuginfo-7.2.5-1.84.1
    php72-sysvsem-7.2.5-1.84.1
    php72-sysvsem-debuginfo-7.2.5-1.84.1
    php72-sysvshm-7.2.5-1.84.1
    php72-sysvshm-debuginfo-7.2.5-1.84.1
    php72-tidy-7.2.5-1.84.1
    php72-tidy-debuginfo-7.2.5-1.84.1
    php72-tokenizer-7.2.5-1.84.1
    php72-tokenizer-debuginfo-7.2.5-1.84.1
    php72-wddx-7.2.5-1.84.1
    php72-wddx-debuginfo-7.2.5-1.84.1
    php72-xmlreader-7.2.5-1.84.1
    php72-xmlreader-debuginfo-7.2.5-1.84.1
    php72-xmlrpc-7.2.5-1.84.1
    php72-xmlrpc-debuginfo-7.2.5-1.84.1
    php72-xmlwriter-7.2.5-1.84.1
    php72-xmlwriter-debuginfo-7.2.5-1.84.1
    php72-xsl-7.2.5-1.84.1
    php72-xsl-debuginfo-7.2.5-1.84.1
    php72-zip-7.2.5-1.84.1
    php72-zip-debuginfo-7.2.5-1.84.1
    php72-zlib-7.2.5-1.84.1
    php72-zlib-debuginfo-7.2.5-1.84.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
    php72-pear-7.2.5-1.84.1
    php72-pear-Archive_Tar-7.2.5-1.84.1

References:
  https://www.suse.com/security/cve/CVE-2022-31628.html
  https://www.suse.com/security/cve/CVE-2022-31629.html
  https://bugzilla.suse.com/1203867
  https://bugzilla.suse.com/1203870

From sle-updates at lists.suse.com Fri Nov 11 20:52:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:52:40 +0100 (CET)
Subject: SUSE-SU-2022:3960-1: important: Security update for xen
Message-ID: <20221111205240.2A054FDD6@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3960-1
Rating: important
References: #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496
Cross-References: CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326
CVSS scores:
  CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________
An update that fixes 17 vulnerabilities is now available.

Description:
This update for xen fixes the following issues:
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)

Special Instructions and Notes:
Please reboot the system after installing this update.

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3960=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_34-3.114.1 xen-debugsource-4.9.4_34-3.114.1 xen-doc-html-4.9.4_34-3.114.1 xen-libs-32bit-4.9.4_34-3.114.1 xen-libs-4.9.4_34-3.114.1 xen-libs-debuginfo-32bit-4.9.4_34-3.114.1 xen-libs-debuginfo-4.9.4_34-3.114.1 xen-tools-4.9.4_34-3.114.1 xen-tools-debuginfo-4.9.4_34-3.114.1 xen-tools-domU-4.9.4_34-3.114.1 xen-tools-domU-debuginfo-4.9.4_34-3.114.1 References: https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496 From sle-updates at lists.suse.com Fri Nov 11 20:54:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 21:54:30 +0100 (CET) Subject: SUSE-RU-2022:3950-1: 
moderate: Recommended update for sysstat
Message-ID: <20221111205430.A31B5FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sysstat
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3950-1
Rating: moderate
References: #1202473
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sysstat fixes the following issues:

- Add cron as required dependency for sysstat (bsc#1202473)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3950=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  sysstat-12.0.2-20.20.1
  sysstat-debuginfo-12.0.2-20.20.1
  sysstat-debugsource-12.0.2-20.20.1
  sysstat-isag-12.0.2-20.20.1

References:

https://bugzilla.suse.com/1202473

From sle-updates at lists.suse.com Fri Nov 11 20:55:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Nov 2022 21:55:31 +0100 (CET)
Subject: SUSE-SU-2022:3959-1: important: Security update for busybox
Message-ID: <20221111205531.F283BFDD6@maintenance.suse.de>

SUSE Security Update: Security update for busybox
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3959-1
Rating: important
References: #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1192869 #951562 #970662 #970663 #991940
Cross-References: CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747
CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVSS scores: CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-5747 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-5747 (SUSE): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42374 (NVD) : 5.3 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-42374 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42375 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42377 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for 
Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

This update for busybox fixes the following issues:

- Enable switch_root With this change virtme --force-initramfs works as expected.
- Enable udhcpc

busybox was updated to 1.35.0

- Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes yet:

  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
  * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
  * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
  * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
  * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
  * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
  * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
  * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data()
  * CVE-2011-5325 (bsc#951562): tar directory traversal
  * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL
certificate validation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3959=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.3.1 busybox-static-1.35.0-150400.3.3.1 busybox-testsuite-1.35.0-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 x86_64): busybox-warewulf3-1.35.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.3.1 busybox-static-1.35.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2015-9261.html https://www.suse.com/security/cve/CVE-2016-2147.html https://www.suse.com/security/cve/CVE-2016-2148.html https://www.suse.com/security/cve/CVE-2016-6301.html https://www.suse.com/security/cve/CVE-2017-15873.html https://www.suse.com/security/cve/CVE-2017-15874.html https://www.suse.com/security/cve/CVE-2017-16544.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2019-5747.html https://www.suse.com/security/cve/CVE-2021-28831.html https://www.suse.com/security/cve/CVE-2021-42373.html https://www.suse.com/security/cve/CVE-2021-42374.html https://www.suse.com/security/cve/CVE-2021-42375.html https://www.suse.com/security/cve/CVE-2021-42376.html https://www.suse.com/security/cve/CVE-2021-42377.html https://www.suse.com/security/cve/CVE-2021-42378.html https://www.suse.com/security/cve/CVE-2021-42379.html https://www.suse.com/security/cve/CVE-2021-42380.html 
https://www.suse.com/security/cve/CVE-2021-42381.html https://www.suse.com/security/cve/CVE-2021-42382.html https://www.suse.com/security/cve/CVE-2021-42383.html https://www.suse.com/security/cve/CVE-2021-42384.html https://www.suse.com/security/cve/CVE-2021-42385.html https://www.suse.com/security/cve/CVE-2021-42386.html https://bugzilla.suse.com/1064976 https://bugzilla.suse.com/1064978 https://bugzilla.suse.com/1069412 https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1102912 https://bugzilla.suse.com/1121426 https://bugzilla.suse.com/1121428 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/1192869 https://bugzilla.suse.com/951562 https://bugzilla.suse.com/970662 https://bugzilla.suse.com/970663 https://bugzilla.suse.com/991940 From sle-updates at lists.suse.com Fri Nov 11 20:57:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 21:57:38 +0100 (CET) Subject: SUSE-RU-2022:3946-1: moderate: Recommended update for wireplumber Message-ID: <20221111205738.AAD77FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireplumber ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3946-1 Rating: moderate References: #1200485 #1202008 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for wireplumber fixes the following issues:

- Fix to automatically enable wireplumber user service in new and current installations (bsc#1200485, bsc#1202008)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3946=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3946=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3946=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  libwireplumber-0_4-0-0.4.9-150400.3.3.2
  libwireplumber-0_4-0-debuginfo-0.4.9-150400.3.3.2
  typelib-1_0-Wp-0_4-0.4.9-150400.3.3.2
  wireplumber-0.4.9-150400.3.3.2
  wireplumber-debuginfo-0.4.9-150400.3.3.2
  wireplumber-debugsource-0.4.9-150400.3.3.2
  wireplumber-devel-0.4.9-150400.3.3.2

- openSUSE Leap 15.4 (noarch):

  wireplumber-audio-0.4.9-150400.3.3.2

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):

  wireplumber-debuginfo-0.4.9-150400.3.3.2
  wireplumber-debugsource-0.4.9-150400.3.3.2
  wireplumber-devel-0.4.9-150400.3.3.2

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):

  wireplumber-audio-0.4.9-150400.3.3.2

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  libwireplumber-0_4-0-0.4.9-150400.3.3.2
  libwireplumber-0_4-0-debuginfo-0.4.9-150400.3.3.2
  wireplumber-0.4.9-150400.3.3.2
  wireplumber-debuginfo-0.4.9-150400.3.3.2
  wireplumber-debugsource-0.4.9-150400.3.3.2

References:

https://bugzilla.suse.com/1200485
https://bugzilla.suse.com/1202008

From sle-updates at lists.suse.com Fri Nov 11 20:58:40 2022
From: sle-updates at lists.suse.com (sle-updates at
lists.suse.com)
Date: Fri, 11 Nov 2022 21:58:40 +0100 (CET)
Subject: SUSE-SU-2022:3955-1: important: Security update for samba
Message-ID: <20221111205840.C8B0EFDD6@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3955-1
Rating: important
References: #1200102 #1202803 #1202976
Cross-References: CVE-2022-1615 CVE-2022-32743
CVSS scores:
  CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-32743 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-32743 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Availability 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Python2 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for samba fixes the following issues:

- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3955=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3955=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3955=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3955=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3955=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3955=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-3955=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-pcp-pmda-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-pcp-pmda-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 
samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-test-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-test-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-tool-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (aarch64_ilp32): libsamba-policy0-python3-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 
samba-libs-python3-64bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-64bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (x86_64): libsamba-policy0-python3-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - openSUSE Leap 15.3 (noarch): samba-doc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 
samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-tool-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 
samba-client-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150300.3.40.2 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-debugsource-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 
samba-winbind-4.15.8+git.527.8d0c05d313e-150300.3.40.2 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150300.3.40.2 References: https://www.suse.com/security/cve/CVE-2022-1615.html https://www.suse.com/security/cve/CVE-2022-32743.html https://bugzilla.suse.com/1200102 https://bugzilla.suse.com/1202803 https://bugzilla.suse.com/1202976 From sle-updates at lists.suse.com Fri Nov 11 20:59:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Nov 2022 21:59:57 +0100 (CET) Subject: SUSE-SU-2022:3947-1: important: Security update for xen Message-ID: <20221111205957.B721DFDD6@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3947-1 Rating: important References: #1027519 #1193923 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVSS scores: CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33747 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322, CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325, CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)

Special Instructions and Notes:

Please reboot the system after installing this
update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3947=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3947=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3947=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3947=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3947=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_08-150300.3.40.1 xen-debugsource-4.14.5_08-150300.3.40.1 xen-devel-4.14.5_08-150300.3.40.1 xen-doc-html-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-4.14.5_08-150300.3.40.1 xen-tools-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-domU-4.14.5_08-150300.3.40.1 xen-tools-domU-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_08-150300.3.40.1 xen-libs-32bit-debuginfo-4.14.5_08-150300.3.40.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_08-150300.3.40.1 xen-debugsource-4.14.5_08-150300.3.40.1 xen-devel-4.14.5_08-150300.3.40.1 xen-tools-4.14.5_08-150300.3.40.1 xen-tools-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise 
Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 xen-tools-domU-4.14.5_08-150300.3.40.1 xen-tools-domU-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_08-150300.3.40.1 xen-libs-4.14.5_08-150300.3.40.1 xen-libs-debuginfo-4.14.5_08-150300.3.40.1 References: https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33747.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 
https://bugzilla.suse.com/1204494
https://bugzilla.suse.com/1204496

From sle-updates at lists.suse.com Sat Nov 12 08:30:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:30:38 +0100 (CET)
Subject: SUSE-CU-2022:2965-1: Recommended update of suse/389-ds
Message-ID: <20221112083038.7D968FDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2965-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.34 , suse/389-ds:latest
Container Release : 17.34
Severity : moderate
Type : recommended
References : 1191546 1198980 1201298 1202870 1204729
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3958-1
Released: Fri Nov 11 15:20:45 2022
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1191546,1198980,1201298,1202870,1204729

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)

* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
- FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
- FIPS: Use libjitterentropy for entropy.
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

The following package changes have been done:

- libfreebl3-3.79.2-150400.3.15.1 updated
- libfreebl3-hmac-3.79.2-150400.3.15.1 updated
- mozilla-nss-certs-3.79.2-150400.3.15.1 updated
- libsoftokn3-3.79.2-150400.3.15.1 updated
- mozilla-nss-3.79.2-150400.3.15.1 updated
- mozilla-nss-tools-3.79.2-150400.3.15.1 updated
- libsoftokn3-hmac-3.79.2-150400.3.15.1 updated

From sle-updates at lists.suse.com Sat Nov 12 08:32:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:32:37 +0100 (CET)
Subject: SUSE-CU-2022:2966-1: Security update of bci/golang
Message-ID: <20221112083237.4A187FDF3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2966-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-18.22 , bci/golang:latest
Container Release : 18.22
Severity : important
Type : security
References : 1190651 1192439 1202148 1204455 1204456 1204708 CVE-2022-39253 CVE-2022-39260 CVE-2022-43680
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3931-1
Released: Thu Nov 10 11:26:01 2022
Summary: Security update for git
Type: security
Severity: moderate
References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260

This update for git fixes the following issues:

- CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456).
- CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.13.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated
- pam-1.3.0-150000.6.61.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- git-core-2.35.3-150300.10.18.1 updated
- container:sles15-image-15.0.0-27.14.11 updated

From sle-updates at lists.suse.com Sat Nov 12 08:36:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:36:33 +0100 (CET)
Subject: SUSE-CU-2022:2967-1: Recommended update of bci/openjdk-devel
Message-ID: <20221112083633.CF6EFFDF3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2967-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.47 , bci/openjdk-devel:latest
Container Release : 36.47
Severity : moderate
Type : recommended
References : 1191546 1198980 1201298 1202870 1204729
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3958-1
Released: Fri Nov 11 15:20:45 2022
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1191546,1198980,1201298,1202870,1204729

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)

* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
- FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
- FIPS: Use libjitterentropy for entropy.
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

The following package changes have been done:

- libfreebl3-3.79.2-150400.3.15.1 updated
- libfreebl3-hmac-3.79.2-150400.3.15.1 updated
- mozilla-nss-certs-3.79.2-150400.3.15.1 updated
- libsoftokn3-3.79.2-150400.3.15.1 updated
- mozilla-nss-3.79.2-150400.3.15.1 updated
- libsoftokn3-hmac-3.79.2-150400.3.15.1 updated
- container:bci-openjdk-11-15.4-32.22 updated

From sle-updates at lists.suse.com Sat Nov 12 08:39:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:39:44 +0100 (CET)
Subject: SUSE-CU-2022:2968-1: Recommended update of bci/openjdk
Message-ID: <20221112083944.6AAEFFDF3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2968-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-32.22 , bci/openjdk:latest
Container Release : 32.22
Severity : moderate
Type : recommended
References : 1191546 1198980 1201298 1202870 1204729
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3958-1
Released: Fri Nov 11 15:20:45 2022
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1191546,1198980,1201298,1202870,1204729

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)

* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
- FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
- FIPS: Use libjitterentropy for entropy.
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.
The following package changes have been done:

- libfreebl3-3.79.2-150400.3.15.1 updated
- libfreebl3-hmac-3.79.2-150400.3.15.1 updated
- mozilla-nss-certs-3.79.2-150400.3.15.1 updated
- libsoftokn3-3.79.2-150400.3.15.1 updated
- mozilla-nss-3.79.2-150400.3.15.1 updated
- libsoftokn3-hmac-3.79.2-150400.3.15.1 updated

From sle-updates at lists.suse.com Sat Nov 12 08:42:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:42:43 +0100 (CET)
Subject: SUSE-CU-2022:2969-1: Recommended update of suse/pcp
Message-ID: <20221112084243.E4CF1FDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2969-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.56 , suse/pcp:latest
Container Release : 11.56
Severity : moderate
Type : recommended
References : 1191546 1198980 1201298 1202870 1204729
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3958-1
Released: Fri Nov 11 15:20:45 2022
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1191546,1198980,1201298,1202870,1204729

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.79.2 (bsc#1204729)

* Bump minimum NSPR version to 4.34.1.
* Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.

- FIPS: Allow the use of DSA keys (verification only) (bsc#1201298).
- FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
- FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546).
- FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546).
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870).
- FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms.
- FIPS: Use libjitterentropy for entropy.
- FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.

The following package changes have been done:

- libfreebl3-3.79.2-150400.3.15.1 updated
- libfreebl3-hmac-3.79.2-150400.3.15.1 updated
- mozilla-nss-certs-3.79.2-150400.3.15.1 updated
- libsoftokn3-3.79.2-150400.3.15.1 updated
- mozilla-nss-3.79.2-150400.3.15.1 updated
- libsoftokn3-hmac-3.79.2-150400.3.15.1 updated

From sle-updates at lists.suse.com Sat Nov 12 08:44:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:44:46 +0100 (CET)
Subject: SUSE-CU-2022:2963-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20221112084446.767AEFDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2963-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.310 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.310
Severity : important
Type : security
References : 1196840 1199492 1199918 1199926 1199927 1204708 CVE-2022-43680
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
The following package changes have been done:

- iputils-s20161105-150000.8.6.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated

From sle-updates at lists.suse.com Sat Nov 12 08:53:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 12 Nov 2022 09:53:31 +0100 (CET)
Subject: SUSE-CU-2022:2972-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20221112085331.94CE1FDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2972-1
Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.131 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.131
Severity : important
Type : security
References : 1196840 1199492 1199918 1199926 1199927 1204708 CVE-2022-43680
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

The following package changes have been done:

- iputils-s20161105-150000.8.6.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated

From sle-updates at lists.suse.com Mon Nov 14 11:22:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Nov 2022 12:22:35 +0100 (CET)
Subject: SUSE-RU-2022:3962-1: important: Recommended update for zlib
Message-ID: <20221114112235.C5F03FD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for zlib
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3962-1
Rating: important
References: #1203652
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3962=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3962=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    zlib-debugsource-1.2.11-11.25.1
    zlib-devel-1.2.11-11.25.1
    zlib-devel-static-1.2.11-11.25.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):
    zlib-devel-32bit-1.2.11-11.25.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libz1-1.2.11-11.25.1
    libz1-debuginfo-1.2.11-11.25.1
    zlib-debugsource-1.2.11-11.25.1
    zlib-devel-1.2.11-11.25.1
    zlib-devel-static-1.2.11-11.25.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    libz1-32bit-1.2.11-11.25.1
    libz1-debuginfo-32bit-1.2.11-11.25.1
    zlib-devel-32bit-1.2.11-11.25.1

References:

https://bugzilla.suse.com/1203652

From sle-updates at lists.suse.com Mon Nov 14 11:23:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Nov 2022 12:23:33 +0100 (CET)
Subject: SUSE-RU-2022:3961-1: important: Recommended update for zlib
Message-ID: <20221114112333.72F26FD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for zlib
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3961-1
Rating: important
References: #1203652
Affected Products:
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3961=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3961=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3961=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3961=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3961=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3961=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3961=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2022-3961=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3961=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3961=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libminizip1-1.2.11-150000.3.36.1
    libminizip1-debuginfo-1.2.11-150000.3.36.1
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    minizip-devel-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1
    zlib-devel-static-1.2.11-150000.3.36.1
- openSUSE Leap 15.4 (x86_64):
    libminizip1-32bit-1.2.11-150000.3.36.1
    libminizip1-32bit-debuginfo-1.2.11-150000.3.36.1
    libz1-32bit-1.2.11-150000.3.36.1
    libz1-32bit-debuginfo-1.2.11-150000.3.36.1
    zlib-devel-32bit-1.2.11-150000.3.36.1
    zlib-devel-static-32bit-1.2.11-150000.3.36.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    libminizip1-1.2.11-150000.3.36.1
    libminizip1-debuginfo-1.2.11-150000.3.36.1
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    minizip-devel-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1
    zlib-devel-static-1.2.11-150000.3.36.1
- openSUSE Leap 15.3 (x86_64):
    libminizip1-32bit-1.2.11-150000.3.36.1
    libminizip1-32bit-debuginfo-1.2.11-150000.3.36.1
    libz1-32bit-1.2.11-150000.3.36.1
    libz1-32bit-debuginfo-1.2.11-150000.3.36.1
    zlib-devel-32bit-1.2.11-150000.3.36.1
    zlib-devel-static-32bit-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64):
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-32bit-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-32bit-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libminizip1-1.2.11-150000.3.36.1
    libminizip1-debuginfo-1.2.11-150000.3.36.1
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    minizip-devel-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1
    zlib-devel-static-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libz1-32bit-1.2.11-150000.3.36.1
    libz1-32bit-debuginfo-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    libminizip1-1.2.11-150000.3.36.1
    libminizip1-debuginfo-1.2.11-150000.3.36.1
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    minizip-devel-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1
    zlib-devel-static-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
    libz1-32bit-1.2.11-150000.3.36.1
    libz1-32bit-debuginfo-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    libz1-1.2.11-150000.3.36.1
    libz1-debuginfo-1.2.11-150000.3.36.1
    zlib-debugsource-1.2.11-150000.3.36.1
    zlib-devel-1.2.11-150000.3.36.1

References:

https://bugzilla.suse.com/1203652

From sle-updates at lists.suse.com Mon Nov 14 11:24:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Nov 2022 12:24:31 +0100 (CET)
Subject: SUSE-RU-2022:3964-1: moderate: Recommended update for sssd
Message-ID: <20221114112431.4C0CBFD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sssd
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3964-1
Rating: moderate
References: #1193780 #1202829
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for sssd fixes the following issues:

- Fix sssd startup failure (bsc#1193780)
- Improve reliability of tls reconnection on rebind (bsc#1202829)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3964=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3964=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libipa_hbac-devel-1.16.1-7.44.1
    libsss_idmap-devel-1.16.1-7.44.1
    libsss_nss_idmap-devel-1.16.1-7.44.1
    sssd-debugsource-1.16.1-7.44.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libipa_hbac0-1.16.1-7.44.1
    libipa_hbac0-debuginfo-1.16.1-7.44.1
    libsss_certmap0-1.16.1-7.44.1
    libsss_certmap0-debuginfo-1.16.1-7.44.1
    libsss_idmap0-1.16.1-7.44.1
    libsss_idmap0-debuginfo-1.16.1-7.44.1
    libsss_nss_idmap0-1.16.1-7.44.1
    libsss_nss_idmap0-debuginfo-1.16.1-7.44.1
    libsss_simpleifp0-1.16.1-7.44.1
    libsss_simpleifp0-debuginfo-1.16.1-7.44.1
    python-sssd-config-1.16.1-7.44.1
    python-sssd-config-debuginfo-1.16.1-7.44.1
    sssd-1.16.1-7.44.1
    sssd-ad-1.16.1-7.44.1
    sssd-ad-debuginfo-1.16.1-7.44.1
    sssd-common-1.16.1-7.44.1
    sssd-common-debuginfo-1.16.1-7.44.1
    sssd-dbus-1.16.1-7.44.1
    sssd-dbus-debuginfo-1.16.1-7.44.1
    sssd-debugsource-1.16.1-7.44.1
    sssd-ipa-1.16.1-7.44.1
    sssd-ipa-debuginfo-1.16.1-7.44.1
    sssd-krb5-1.16.1-7.44.1
    sssd-krb5-common-1.16.1-7.44.1
    sssd-krb5-common-debuginfo-1.16.1-7.44.1
    sssd-krb5-debuginfo-1.16.1-7.44.1
    sssd-ldap-1.16.1-7.44.1
    sssd-ldap-debuginfo-1.16.1-7.44.1
    sssd-proxy-1.16.1-7.44.1
    sssd-proxy-debuginfo-1.16.1-7.44.1
    sssd-tools-1.16.1-7.44.1
    sssd-tools-debuginfo-1.16.1-7.44.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    sssd-common-32bit-1.16.1-7.44.1
    sssd-common-debuginfo-32bit-1.16.1-7.44.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
    libsss_nss_idmap-devel-1.16.1-7.44.1

References:

https://bugzilla.suse.com/1193780
https://bugzilla.suse.com/1202829

From sle-updates at lists.suse.com Mon Nov 14 11:25:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Nov 2022 12:25:25 +0100 (CET)
Subject: SUSE-RU-2022:3963-1: moderate: Recommended update for sssd
Message-ID: <20221114112525.A4509FD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sssd
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3963-1
Rating: moderate
References: #1202559
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sssd fixes the following issues:

- Fix the 'No matching host rule found' error in sdap_access_host (bsc#1202559)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3963=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3963=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3963=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.11.1 libipa_hbac0-2.5.2-150400.4.11.1 libipa_hbac0-debuginfo-2.5.2-150400.4.11.1 libnfsidmap-sss-2.5.2-150400.4.11.1 libnfsidmap-sss-debuginfo-2.5.2-150400.4.11.1 libsss_certmap-devel-2.5.2-150400.4.11.1 libsss_certmap0-2.5.2-150400.4.11.1 libsss_certmap0-debuginfo-2.5.2-150400.4.11.1 libsss_idmap-devel-2.5.2-150400.4.11.1 libsss_idmap0-2.5.2-150400.4.11.1 libsss_idmap0-debuginfo-2.5.2-150400.4.11.1 libsss_nss_idmap-devel-2.5.2-150400.4.11.1 libsss_nss_idmap0-2.5.2-150400.4.11.1 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.11.1 libsss_simpleifp-devel-2.5.2-150400.4.11.1 libsss_simpleifp0-2.5.2-150400.4.11.1 libsss_simpleifp0-debuginfo-2.5.2-150400.4.11.1 python3-ipa_hbac-2.5.2-150400.4.11.1 python3-ipa_hbac-debuginfo-2.5.2-150400.4.11.1 python3-sss-murmur-2.5.2-150400.4.11.1 python3-sss-murmur-debuginfo-2.5.2-150400.4.11.1 python3-sss_nss_idmap-2.5.2-150400.4.11.1 python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.11.1 python3-sssd-config-2.5.2-150400.4.11.1 python3-sssd-config-debuginfo-2.5.2-150400.4.11.1 sssd-2.5.2-150400.4.11.1 sssd-ad-2.5.2-150400.4.11.1 sssd-ad-debuginfo-2.5.2-150400.4.11.1 sssd-common-2.5.2-150400.4.11.1 sssd-common-debuginfo-2.5.2-150400.4.11.1 sssd-dbus-2.5.2-150400.4.11.1 sssd-dbus-debuginfo-2.5.2-150400.4.11.1 sssd-debugsource-2.5.2-150400.4.11.1 sssd-ipa-2.5.2-150400.4.11.1 sssd-ipa-debuginfo-2.5.2-150400.4.11.1 sssd-kcm-2.5.2-150400.4.11.1 sssd-kcm-debuginfo-2.5.2-150400.4.11.1 sssd-krb5-2.5.2-150400.4.11.1 sssd-krb5-common-2.5.2-150400.4.11.1 sssd-krb5-common-debuginfo-2.5.2-150400.4.11.1 
sssd-krb5-debuginfo-2.5.2-150400.4.11.1 sssd-ldap-2.5.2-150400.4.11.1 sssd-ldap-debuginfo-2.5.2-150400.4.11.1 sssd-proxy-2.5.2-150400.4.11.1 sssd-proxy-debuginfo-2.5.2-150400.4.11.1 sssd-tools-2.5.2-150400.4.11.1 sssd-tools-debuginfo-2.5.2-150400.4.11.1 sssd-winbind-idmap-2.5.2-150400.4.11.1 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.11.1 - openSUSE Leap 15.4 (x86_64): sssd-common-32bit-2.5.2-150400.4.11.1 sssd-common-32bit-debuginfo-2.5.2-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.11.1 libipa_hbac0-2.5.2-150400.4.11.1 libipa_hbac0-debuginfo-2.5.2-150400.4.11.1 libsss_certmap-devel-2.5.2-150400.4.11.1 libsss_certmap0-2.5.2-150400.4.11.1 libsss_certmap0-debuginfo-2.5.2-150400.4.11.1 libsss_idmap-devel-2.5.2-150400.4.11.1 libsss_idmap0-2.5.2-150400.4.11.1 libsss_idmap0-debuginfo-2.5.2-150400.4.11.1 libsss_nss_idmap-devel-2.5.2-150400.4.11.1 libsss_nss_idmap0-2.5.2-150400.4.11.1 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.11.1 libsss_simpleifp-devel-2.5.2-150400.4.11.1 libsss_simpleifp0-2.5.2-150400.4.11.1 libsss_simpleifp0-debuginfo-2.5.2-150400.4.11.1 python3-sssd-config-2.5.2-150400.4.11.1 python3-sssd-config-debuginfo-2.5.2-150400.4.11.1 sssd-2.5.2-150400.4.11.1 sssd-ad-2.5.2-150400.4.11.1 sssd-ad-debuginfo-2.5.2-150400.4.11.1 sssd-common-2.5.2-150400.4.11.1 sssd-common-debuginfo-2.5.2-150400.4.11.1 sssd-dbus-2.5.2-150400.4.11.1 sssd-dbus-debuginfo-2.5.2-150400.4.11.1 sssd-debugsource-2.5.2-150400.4.11.1 sssd-ipa-2.5.2-150400.4.11.1 sssd-ipa-debuginfo-2.5.2-150400.4.11.1 sssd-kcm-2.5.2-150400.4.11.1 sssd-kcm-debuginfo-2.5.2-150400.4.11.1 sssd-krb5-2.5.2-150400.4.11.1 sssd-krb5-common-2.5.2-150400.4.11.1 sssd-krb5-common-debuginfo-2.5.2-150400.4.11.1 sssd-krb5-debuginfo-2.5.2-150400.4.11.1 sssd-ldap-2.5.2-150400.4.11.1 sssd-ldap-debuginfo-2.5.2-150400.4.11.1 sssd-proxy-2.5.2-150400.4.11.1 sssd-proxy-debuginfo-2.5.2-150400.4.11.1 sssd-tools-2.5.2-150400.4.11.1 
sssd-tools-debuginfo-2.5.2-150400.4.11.1 sssd-winbind-idmap-2.5.2-150400.4.11.1 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): sssd-common-32bit-2.5.2-150400.4.11.1 sssd-common-32bit-debuginfo-2.5.2-150400.4.11.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsss_certmap0-2.5.2-150400.4.11.1 libsss_certmap0-debuginfo-2.5.2-150400.4.11.1 libsss_idmap0-2.5.2-150400.4.11.1 libsss_idmap0-debuginfo-2.5.2-150400.4.11.1 libsss_nss_idmap0-2.5.2-150400.4.11.1 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.11.1 sssd-2.5.2-150400.4.11.1 sssd-common-2.5.2-150400.4.11.1 sssd-common-debuginfo-2.5.2-150400.4.11.1 sssd-debugsource-2.5.2-150400.4.11.1 sssd-krb5-common-2.5.2-150400.4.11.1 sssd-krb5-common-debuginfo-2.5.2-150400.4.11.1 sssd-ldap-2.5.2-150400.4.11.1 sssd-ldap-debuginfo-2.5.2-150400.4.11.1 References: https://bugzilla.suse.com/1202559 From sle-updates at lists.suse.com Mon Nov 14 17:20:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:20:50 +0100 (CET) Subject: SUSE-SU-2022:3971-1: important: Security update for xen Message-ID: <20221114172050.5B0F4FD9D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3971-1 Rating: important References: #1027519 #1167608 #1185104 #1193923 #1199966 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVSS scores: CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-28689 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). 
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3971=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3971=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3971=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3971=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3971=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3971=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3971=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3971=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3971=1 Package List: - SUSE Manager Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Manager Server 4.1 (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 
xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Manager Proxy 4.1 (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Manager Proxy 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): 
xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 - SUSE Enterprise Storage 7 (x86_64): xen-4.13.4_16-150200.3.65.1 xen-debugsource-4.13.4_16-150200.3.65.1 xen-devel-4.13.4_16-150200.3.65.1 xen-libs-4.13.4_16-150200.3.65.1 xen-libs-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-4.13.4_16-150200.3.65.1 xen-tools-debuginfo-4.13.4_16-150200.3.65.1 xen-tools-domU-4.13.4_16-150200.3.65.1 xen-tools-domU-debuginfo-4.13.4_16-150200.3.65.1 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_16-150200.3.65.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html 
https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1167608 https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1199966 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496 From sle-updates at lists.suse.com Mon Nov 14 17:22:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:22:58 +0100 (CET) Subject: SUSE-RU-2022:3972-1: Recommended update for p7zip Message-ID: <20221114172258.43916FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for p7zip ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3972-1 Rating: low References: #1203316 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE 
Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for p7zip fixes the following issue: - Ship p7zip-full to SLE15-SP3 basesystem (bsc#1203316). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3972=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3972=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3972=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3972=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): p7zip-16.02-150200.14.9.2 p7zip-debugsource-16.02-150200.14.9.2 p7zip-full-16.02-150200.14.9.2 p7zip-full-debuginfo-16.02-150200.14.9.2 - openSUSE Leap 15.4 (noarch): p7zip-doc-16.02-150200.14.9.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): p7zip-16.02-150200.14.9.2 p7zip-debugsource-16.02-150200.14.9.2 p7zip-full-16.02-150200.14.9.2 p7zip-full-debuginfo-16.02-150200.14.9.2 - openSUSE Leap 15.3 (noarch): p7zip-doc-16.02-150200.14.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): p7zip-16.02-150200.14.9.2 
p7zip-debugsource-16.02-150200.14.9.2 p7zip-full-16.02-150200.14.9.2 p7zip-full-debuginfo-16.02-150200.14.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): p7zip-16.02-150200.14.9.2 p7zip-debugsource-16.02-150200.14.9.2 p7zip-full-16.02-150200.14.9.2 p7zip-full-debuginfo-16.02-150200.14.9.2 References: https://bugzilla.suse.com/1203316 From sle-updates at lists.suse.com Mon Nov 14 17:23:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:23:40 +0100 (CET) Subject: SUSE-SU-2022:3968-1: important: Security update for nodejs14 Message-ID: <20221114172340.0E8C9FD9D@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3968-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). 
- Update to 14.21.0: - src: add --openssl-shared-config option Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3968=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.21.1-6.37.1 nodejs14-debuginfo-14.21.1-6.37.1 nodejs14-debugsource-14.21.1-6.37.1 nodejs14-devel-14.21.1-6.37.1 npm14-14.21.1-6.37.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.21.1-6.37.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Mon Nov 14 17:24:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:24:17 +0100 (CET) Subject: SUSE-SU-2022:3967-1: important: Security update for nodejs16 Message-ID: <20221114172417.A502CFD9D@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3967-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs16 fixes the following issues: - Update to LTS version 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3967=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs16-16.18.1-8.17.1 nodejs16-debuginfo-16.18.1-8.17.1 nodejs16-debugsource-16.18.1-8.17.1 nodejs16-devel-16.18.1-8.17.1 npm16-16.18.1-8.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs16-docs-16.18.1-8.17.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Mon Nov 14 17:24:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:24:55 +0100 (CET) Subject: SUSE-SU-2022:3969-1: important: Security update for kubevirt stack Message-ID: <20221114172455.E55C8FD9D@maintenance.suse.de> SUSE Security Update: Security update for kubevirt stack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3969-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3969=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3969=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3969=1 Package List: - openSUSE Leap 15.4 (x86_64): kubevirt-container-disk-0.54.0-150400.3.5.1 kubevirt-container-disk-debuginfo-0.54.0-150400.3.5.1 kubevirt-manifests-0.54.0-150400.3.5.1 kubevirt-tests-0.54.0-150400.3.5.1 kubevirt-tests-debuginfo-0.54.0-150400.3.5.1 kubevirt-virt-api-0.54.0-150400.3.5.1 kubevirt-virt-api-debuginfo-0.54.0-150400.3.5.1 kubevirt-virt-controller-0.54.0-150400.3.5.1 kubevirt-virt-controller-debuginfo-0.54.0-150400.3.5.1 kubevirt-virt-handler-0.54.0-150400.3.5.1 kubevirt-virt-handler-debuginfo-0.54.0-150400.3.5.1 kubevirt-virt-launcher-0.54.0-150400.3.5.1 kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.5.1 kubevirt-virt-operator-0.54.0-150400.3.5.1 kubevirt-virt-operator-debuginfo-0.54.0-150400.3.5.1 kubevirt-virtctl-0.54.0-150400.3.5.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.5.1 obs-service-kubevirt_containers_meta-0.54.0-150400.3.5.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): kubevirt-manifests-0.54.0-150400.3.5.1 kubevirt-virtctl-0.54.0-150400.3.5.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.5.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): 
kubevirt-manifests-0.54.0-150400.3.5.1 kubevirt-virtctl-0.54.0-150400.3.5.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.5.1 References: From sle-updates at lists.suse.com Mon Nov 14 17:25:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 18:25:28 +0100 (CET) Subject: SUSE-SU-2022:3970-1: important: Security update for containerized-data-importer Message-ID: <20221114172528.1ADC1FD9D@maintenance.suse.de> SUSE Security Update: Security update for containerized-data-importer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3970-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update rebuilds the current containerized data importer images against current base images, to fix security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3970=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3970=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3970=1 Package List: - openSUSE Leap 15.4 (x86_64): containerized-data-importer-api-1.51.0-150400.4.5.1 containerized-data-importer-api-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-cloner-1.51.0-150400.4.5.1 containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-controller-1.51.0-150400.4.5.1 containerized-data-importer-controller-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-importer-1.51.0-150400.4.5.1 containerized-data-importer-importer-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-manifests-1.51.0-150400.4.5.1 containerized-data-importer-operator-1.51.0-150400.4.5.1 containerized-data-importer-operator-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-uploadproxy-1.51.0-150400.4.5.1 containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.5.1 containerized-data-importer-uploadserver-1.51.0-150400.4.5.1 containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.5.1 obs-service-cdi_containers_meta-1.51.0-150400.4.5.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): containerized-data-importer-manifests-1.51.0-150400.4.5.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): containerized-data-importer-manifests-1.51.0-150400.4.5.1 References: From sle-updates at lists.suse.com Mon Nov 14 20:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 21:21:07 +0100 (CET) Subject: SUSE-RU-2022:3975-1: moderate: Recommended update for util-linux Message-ID: <20221114202107.C36FFFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3975-1 Rating: moderate References: #1201959 PED-1150 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short-running applications: increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3975=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3975=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3975=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3975=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3975=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3975=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3975=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3975=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3975=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3975=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3975=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Manager Server 4.1 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Manager Server 4.1 (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Manager Retail Branch Server 4.1 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 
libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Manager Proxy 4.1 (x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 
uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Manager Proxy 4.1 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 
libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 
uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 
libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 
libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 
libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 
util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 7 (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 7 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.27.1 
libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 6 (x86_64): libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 - SUSE Enterprise Storage 6 (noarch): util-linux-lang-2.33.2-150100.4.27.1 - SUSE CaaS Platform 4.0 (x86_64): libblkid-devel-2.33.2-150100.4.27.1 libblkid-devel-static-2.33.2-150100.4.27.1 libblkid1-2.33.2-150100.4.27.1 libblkid1-32bit-2.33.2-150100.4.27.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.27.1 libblkid1-debuginfo-2.33.2-150100.4.27.1 libfdisk-devel-2.33.2-150100.4.27.1 libfdisk1-2.33.2-150100.4.27.1 libfdisk1-debuginfo-2.33.2-150100.4.27.1 libmount-devel-2.33.2-150100.4.27.1 libmount1-2.33.2-150100.4.27.1 libmount1-32bit-2.33.2-150100.4.27.1 libmount1-32bit-debuginfo-2.33.2-150100.4.27.1 libmount1-debuginfo-2.33.2-150100.4.27.1 libsmartcols-devel-2.33.2-150100.4.27.1 libsmartcols1-2.33.2-150100.4.27.1 libsmartcols1-debuginfo-2.33.2-150100.4.27.1 
libuuid-devel-2.33.2-150100.4.27.1 libuuid-devel-static-2.33.2-150100.4.27.1 libuuid1-2.33.2-150100.4.27.1 libuuid1-32bit-2.33.2-150100.4.27.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.27.1 libuuid1-debuginfo-2.33.2-150100.4.27.1 util-linux-2.33.2-150100.4.27.1 util-linux-debuginfo-2.33.2-150100.4.27.1 util-linux-debugsource-2.33.2-150100.4.27.1 util-linux-systemd-2.33.2-150100.4.27.1 util-linux-systemd-debuginfo-2.33.2-150100.4.27.1 util-linux-systemd-debugsource-2.33.2-150100.4.27.1 uuidd-2.33.2-150100.4.27.1 uuidd-debuginfo-2.33.2-150100.4.27.1 - SUSE CaaS Platform 4.0 (noarch): util-linux-lang-2.33.2-150100.4.27.1 References: https://bugzilla.suse.com/1201959 From sle-updates at lists.suse.com Mon Nov 14 20:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 21:22:46 +0100 (CET) Subject: SUSE-RU-2022:3974-1: moderate: Recommended update for util-linux Message-ID: <20221114202246.1A607FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3974-1 Rating: moderate References: #1201959 #1204211 PED-1150 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. 
Description: This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short-running applications: increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3974=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3974=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3974=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3974=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.37.2-150400.8.8.1 libblkid-devel-static-2.37.2-150400.8.8.1 libblkid1-2.37.2-150400.8.8.1 libblkid1-debuginfo-2.37.2-150400.8.8.1 libfdisk-devel-2.37.2-150400.8.8.1 libfdisk-devel-static-2.37.2-150400.8.8.1 libfdisk1-2.37.2-150400.8.8.1 libfdisk1-debuginfo-2.37.2-150400.8.8.1 libmount-devel-2.37.2-150400.8.8.1 libmount-devel-static-2.37.2-150400.8.8.1 libmount1-2.37.2-150400.8.8.1 libmount1-debuginfo-2.37.2-150400.8.8.1 libsmartcols-devel-2.37.2-150400.8.8.1 libsmartcols-devel-static-2.37.2-150400.8.8.1 libsmartcols1-2.37.2-150400.8.8.1 libsmartcols1-debuginfo-2.37.2-150400.8.8.1 libuuid-devel-2.37.2-150400.8.8.1 libuuid-devel-static-2.37.2-150400.8.8.1 libuuid1-2.37.2-150400.8.8.1 libuuid1-debuginfo-2.37.2-150400.8.8.1 python3-libmount-2.37.2-150400.8.8.1 python3-libmount-debuginfo-2.37.2-150400.8.8.1 python3-libmount-debugsource-2.37.2-150400.8.8.1 
util-linux-2.37.2-150400.8.8.1 util-linux-debuginfo-2.37.2-150400.8.8.1 util-linux-debugsource-2.37.2-150400.8.8.1 util-linux-systemd-2.37.2-150400.8.8.1 util-linux-systemd-debuginfo-2.37.2-150400.8.8.1 util-linux-systemd-debugsource-2.37.2-150400.8.8.1 uuidd-2.37.2-150400.8.8.1 uuidd-debuginfo-2.37.2-150400.8.8.1 - openSUSE Leap 15.4 (x86_64): libblkid-devel-32bit-2.37.2-150400.8.8.1 libblkid1-32bit-2.37.2-150400.8.8.1 libblkid1-32bit-debuginfo-2.37.2-150400.8.8.1 libfdisk-devel-32bit-2.37.2-150400.8.8.1 libfdisk1-32bit-2.37.2-150400.8.8.1 libfdisk1-32bit-debuginfo-2.37.2-150400.8.8.1 libmount-devel-32bit-2.37.2-150400.8.8.1 libmount1-32bit-2.37.2-150400.8.8.1 libmount1-32bit-debuginfo-2.37.2-150400.8.8.1 libsmartcols-devel-32bit-2.37.2-150400.8.8.1 libsmartcols1-32bit-2.37.2-150400.8.8.1 libsmartcols1-32bit-debuginfo-2.37.2-150400.8.8.1 libuuid-devel-32bit-2.37.2-150400.8.8.1 libuuid1-32bit-2.37.2-150400.8.8.1 libuuid1-32bit-debuginfo-2.37.2-150400.8.8.1 - openSUSE Leap 15.4 (noarch): util-linux-lang-2.37.2-150400.8.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.37.2-150400.8.8.1 util-linux-systemd-debugsource-2.37.2-150400.8.8.1 uuidd-2.37.2-150400.8.8.1 uuidd-debuginfo-2.37.2-150400.8.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.37.2-150400.8.8.1 libblkid-devel-static-2.37.2-150400.8.8.1 libblkid1-2.37.2-150400.8.8.1 libblkid1-debuginfo-2.37.2-150400.8.8.1 libfdisk-devel-2.37.2-150400.8.8.1 libfdisk1-2.37.2-150400.8.8.1 libfdisk1-debuginfo-2.37.2-150400.8.8.1 libmount-devel-2.37.2-150400.8.8.1 libmount1-2.37.2-150400.8.8.1 libmount1-debuginfo-2.37.2-150400.8.8.1 libsmartcols-devel-2.37.2-150400.8.8.1 libsmartcols1-2.37.2-150400.8.8.1 libsmartcols1-debuginfo-2.37.2-150400.8.8.1 libuuid-devel-2.37.2-150400.8.8.1 libuuid-devel-static-2.37.2-150400.8.8.1 libuuid1-2.37.2-150400.8.8.1 libuuid1-debuginfo-2.37.2-150400.8.8.1 
util-linux-2.37.2-150400.8.8.1 util-linux-debuginfo-2.37.2-150400.8.8.1 util-linux-debugsource-2.37.2-150400.8.8.1 util-linux-systemd-2.37.2-150400.8.8.1 util-linux-systemd-debuginfo-2.37.2-150400.8.8.1 util-linux-systemd-debugsource-2.37.2-150400.8.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libblkid1-32bit-2.37.2-150400.8.8.1 libblkid1-32bit-debuginfo-2.37.2-150400.8.8.1 libmount1-32bit-2.37.2-150400.8.8.1 libmount1-32bit-debuginfo-2.37.2-150400.8.8.1 libuuid1-32bit-2.37.2-150400.8.8.1 libuuid1-32bit-debuginfo-2.37.2-150400.8.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): util-linux-lang-2.37.2-150400.8.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libblkid1-2.37.2-150400.8.8.1 libblkid1-debuginfo-2.37.2-150400.8.8.1 libfdisk1-2.37.2-150400.8.8.1 libfdisk1-debuginfo-2.37.2-150400.8.8.1 libmount1-2.37.2-150400.8.8.1 libmount1-debuginfo-2.37.2-150400.8.8.1 libsmartcols1-2.37.2-150400.8.8.1 libsmartcols1-debuginfo-2.37.2-150400.8.8.1 libuuid1-2.37.2-150400.8.8.1 libuuid1-debuginfo-2.37.2-150400.8.8.1 util-linux-2.37.2-150400.8.8.1 util-linux-debuginfo-2.37.2-150400.8.8.1 util-linux-debugsource-2.37.2-150400.8.8.1 util-linux-systemd-2.37.2-150400.8.8.1 util-linux-systemd-debuginfo-2.37.2-150400.8.8.1 util-linux-systemd-debugsource-2.37.2-150400.8.8.1 References: https://bugzilla.suse.com/1201959 https://bugzilla.suse.com/1204211 From sle-updates at lists.suse.com Mon Nov 14 20:23:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Nov 2022 21:23:45 +0100 (CET) Subject: SUSE-RU-2022:3973-1: moderate: Recommended update for util-linux Message-ID: <20221114202345.C074EFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3973-1 Rating: moderate References: #1201959 #1204211 PED-1150 Affected Products: SUSE Enterprise Storage 7.1 SUSE 
Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3973=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3973=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3973=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3973=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3973=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3973=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libblkid1-2.36.2-150300.4.28.1 libblkid1-debuginfo-2.36.2-150300.4.28.1 libfdisk1-2.36.2-150300.4.28.1 libfdisk1-debuginfo-2.36.2-150300.4.28.1 libmount1-2.36.2-150300.4.28.1 libmount1-debuginfo-2.36.2-150300.4.28.1 libsmartcols1-2.36.2-150300.4.28.1 libsmartcols1-debuginfo-2.36.2-150300.4.28.1 libuuid1-2.36.2-150300.4.28.1 libuuid1-debuginfo-2.36.2-150300.4.28.1 util-linux-2.36.2-150300.4.28.1 util-linux-debuginfo-2.36.2-150300.4.28.1 util-linux-debugsource-2.36.2-150300.4.28.1 util-linux-systemd-2.36.2-150300.4.28.1 util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.28.1 libblkid-devel-static-2.36.2-150300.4.28.1 libblkid1-2.36.2-150300.4.28.1 libblkid1-debuginfo-2.36.2-150300.4.28.1 libfdisk-devel-2.36.2-150300.4.28.1 libfdisk-devel-static-2.36.2-150300.4.28.1 libfdisk1-2.36.2-150300.4.28.1 libfdisk1-debuginfo-2.36.2-150300.4.28.1 libmount-devel-2.36.2-150300.4.28.1 libmount-devel-static-2.36.2-150300.4.28.1 libmount1-2.36.2-150300.4.28.1 libmount1-debuginfo-2.36.2-150300.4.28.1 libsmartcols-devel-2.36.2-150300.4.28.1 libsmartcols-devel-static-2.36.2-150300.4.28.1 libsmartcols1-2.36.2-150300.4.28.1 
libsmartcols1-debuginfo-2.36.2-150300.4.28.1 libuuid-devel-2.36.2-150300.4.28.1 libuuid-devel-static-2.36.2-150300.4.28.1 libuuid1-2.36.2-150300.4.28.1 libuuid1-debuginfo-2.36.2-150300.4.28.1 python3-libmount-2.36.2-150300.4.28.1 python3-libmount-debuginfo-2.36.2-150300.4.28.1 python3-libmount-debugsource-2.36.2-150300.4.28.1 util-linux-2.36.2-150300.4.28.1 util-linux-debuginfo-2.36.2-150300.4.28.1 util-linux-debugsource-2.36.2-150300.4.28.1 util-linux-systemd-2.36.2-150300.4.28.1 util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1 uuidd-2.36.2-150300.4.28.1 uuidd-debuginfo-2.36.2-150300.4.28.1 - openSUSE Leap 15.3 (noarch): util-linux-lang-2.36.2-150300.4.28.1 - openSUSE Leap 15.3 (x86_64): libblkid-devel-32bit-2.36.2-150300.4.28.1 libblkid1-32bit-2.36.2-150300.4.28.1 libblkid1-32bit-debuginfo-2.36.2-150300.4.28.1 libfdisk-devel-32bit-2.36.2-150300.4.28.1 libfdisk1-32bit-2.36.2-150300.4.28.1 libfdisk1-32bit-debuginfo-2.36.2-150300.4.28.1 libmount-devel-32bit-2.36.2-150300.4.28.1 libmount1-32bit-2.36.2-150300.4.28.1 libmount1-32bit-debuginfo-2.36.2-150300.4.28.1 libsmartcols-devel-32bit-2.36.2-150300.4.28.1 libsmartcols1-32bit-2.36.2-150300.4.28.1 libsmartcols1-32bit-debuginfo-2.36.2-150300.4.28.1 libuuid-devel-32bit-2.36.2-150300.4.28.1 libuuid1-32bit-2.36.2-150300.4.28.1 libuuid1-32bit-debuginfo-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1 uuidd-2.36.2-150300.4.28.1 uuidd-debuginfo-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.28.1 libblkid-devel-static-2.36.2-150300.4.28.1 libblkid1-2.36.2-150300.4.28.1 libblkid1-debuginfo-2.36.2-150300.4.28.1 libfdisk-devel-2.36.2-150300.4.28.1 libfdisk1-2.36.2-150300.4.28.1 libfdisk1-debuginfo-2.36.2-150300.4.28.1 
libmount-devel-2.36.2-150300.4.28.1 libmount1-2.36.2-150300.4.28.1 libmount1-debuginfo-2.36.2-150300.4.28.1 libsmartcols-devel-2.36.2-150300.4.28.1 libsmartcols1-2.36.2-150300.4.28.1 libsmartcols1-debuginfo-2.36.2-150300.4.28.1 libuuid-devel-2.36.2-150300.4.28.1 libuuid-devel-static-2.36.2-150300.4.28.1 libuuid1-2.36.2-150300.4.28.1 libuuid1-debuginfo-2.36.2-150300.4.28.1 util-linux-2.36.2-150300.4.28.1 util-linux-debuginfo-2.36.2-150300.4.28.1 util-linux-debugsource-2.36.2-150300.4.28.1 util-linux-systemd-2.36.2-150300.4.28.1 util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): util-linux-lang-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libblkid1-32bit-2.36.2-150300.4.28.1 libblkid1-32bit-debuginfo-2.36.2-150300.4.28.1 libmount1-32bit-2.36.2-150300.4.28.1 libmount1-32bit-debuginfo-2.36.2-150300.4.28.1 libuuid1-32bit-2.36.2-150300.4.28.1 libuuid1-32bit-debuginfo-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.28.1 libblkid1-debuginfo-2.36.2-150300.4.28.1 libfdisk1-2.36.2-150300.4.28.1 libfdisk1-debuginfo-2.36.2-150300.4.28.1 libmount1-2.36.2-150300.4.28.1 libmount1-debuginfo-2.36.2-150300.4.28.1 libsmartcols1-2.36.2-150300.4.28.1 libsmartcols1-debuginfo-2.36.2-150300.4.28.1 libuuid1-2.36.2-150300.4.28.1 libuuid1-debuginfo-2.36.2-150300.4.28.1 util-linux-2.36.2-150300.4.28.1 util-linux-debuginfo-2.36.2-150300.4.28.1 util-linux-debugsource-2.36.2-150300.4.28.1 util-linux-systemd-2.36.2-150300.4.28.1 util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.28.1 libblkid1-debuginfo-2.36.2-150300.4.28.1 libfdisk1-2.36.2-150300.4.28.1 libfdisk1-debuginfo-2.36.2-150300.4.28.1 libmount1-2.36.2-150300.4.28.1 
libmount1-debuginfo-2.36.2-150300.4.28.1 libsmartcols1-2.36.2-150300.4.28.1 libsmartcols1-debuginfo-2.36.2-150300.4.28.1 libuuid1-2.36.2-150300.4.28.1 libuuid1-debuginfo-2.36.2-150300.4.28.1 util-linux-2.36.2-150300.4.28.1 util-linux-debuginfo-2.36.2-150300.4.28.1 util-linux-debugsource-2.36.2-150300.4.28.1 util-linux-systemd-2.36.2-150300.4.28.1 util-linux-systemd-debuginfo-2.36.2-150300.4.28.1 util-linux-systemd-debugsource-2.36.2-150300.4.28.1

References:
   https://bugzilla.suse.com/1201959
   https://bugzilla.suse.com/1204211

From sle-updates at lists.suse.com Mon Nov 14 23:19:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 00:19:45 +0100 (CET)
Subject: SUSE-SU-2022:3976-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Message-ID: <20221114231945.05E99FDD4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3976-1
Rating: important
References: #1204289
Cross-References: CVE-2022-42722
CVSS scores:
   CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Live Patching 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_21 fixes one issue.

The following security issue was fixed:

- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3976=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
   kernel-livepatch-5_14_21-150400_24_21-default-4-150400.2.1
   kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-4-150400.2.1
   kernel-livepatch-SLE15-SP4_Update_3-debugsource-4-150400.2.1

References:
   https://www.suse.com/security/cve/CVE-2022-42722.html
   https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Tue Nov 15 08:36:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 09:36:02 +0100 (CET)
Subject: SUSE-CU-2022:2974-1: Security update of suse/sles12sp5
Message-ID: <20221115083602.9178DFD9D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2974-1
Container Tags : suse/sles12sp5:6.5.400 , suse/sles12sp5:latest
Container Release : 6.5.400
Severity : important
Type : security
References : 1183543 1183545 1183632 1183659 1185299 1193625 1196852 1203652 996280 CVE-2015-8985 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3939-1
Released: Thu Nov 10 14:32:05 2022
Summary: Security update for rpm
Type: security
Severity: moderate
References: 1183543,1183545,1183632,1183659,1185299,996280,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

- Fixed PGP parsing bugs (bsc#1185299).
- Fixed various format handling bugs (bsc#996280).
- CVE-2021-3421: Fixed vulnerability where unsigned headers could be injected into the rpm database (bsc#1183543).
- CVE-2021-20271: Fixed vulnerability where a corrupted rpm could corrupt the rpm database (bsc#1183545).
- CVE-2021-20266: Fixed missing bounds check in hdrblobInit (bsc#1183632).

Bugfixes:

- Fixed deadlock when multiple rpm processes tried to acquire the database lock (bsc#1183659).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3942-1
Released: Thu Nov 10 15:58:47 2022
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1193625,1196852,CVE-2015-8985

This update for glibc fixes the following issues:

- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)
- x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
- Recognize ppc64p7 arch to build for power7

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3962-1
Released: Mon Nov 14 07:34:23 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

The following package changes have been done:

- glibc-2.22-114.22.1 updated
- libz1-1.2.11-11.25.1 updated
- rpm-4.11.2-16.26.1 updated

From sle-updates at lists.suse.com Tue Nov 15 08:38:05 2022
From: sle-updates at lists.suse.com
(sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:38:05 +0100 (CET) Subject: SUSE-CU-2022:2975-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221115083805.4E6E7FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2975-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.25 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.25 Container Release : 42.25 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:39:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:39:28 +0100 (CET) Subject: SUSE-CU-2022:2976-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221115083928.D336CFD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2976-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.40 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.40 Container Release : 27.40 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:41:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:41:00 +0100 (CET) Subject: SUSE-CU-2022:2977-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221115084100.2E170FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2977-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.40 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.40 Container Release : 22.40 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:42:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:42:45 +0100 (CET) Subject: SUSE-CU-2022:2978-1: Recommended update of bci/dotnet-sdk Message-ID: <20221115084245.389E7FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2978-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.23 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.23 Container Release : 47.23 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:44:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:44:21 +0100 (CET) Subject: SUSE-CU-2022:2979-1: Recommended update of bci/dotnet-sdk Message-ID: <20221115084421.EFFEEFD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2979-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.39 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.39 Container Release : 35.39 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:46:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:46:12 +0100 (CET) Subject: SUSE-CU-2022:2980-1: Recommended update of bci/dotnet-sdk Message-ID: <20221115084612.C5DD1FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2980-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.39 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.39 Container Release : 24.39 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:47:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:47:56 +0100 (CET) Subject: SUSE-CU-2022:2981-1: Recommended update of bci/dotnet-runtime Message-ID: <20221115084756.222B9FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2981-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.23 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.23 Container Release : 48.23 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:49:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:49:33 +0100 (CET) Subject: SUSE-CU-2022:2982-1: Recommended update of bci/dotnet-runtime Message-ID: <20221115084933.5E7C7FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2982-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.39 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.39 Container Release : 34.39 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Tue Nov 15 08:51:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 09:51:01 +0100 (CET) Subject: SUSE-CU-2022:2983-1: Recommended update of bci/dotnet-runtime Message-ID: <20221115085101.87F0AFD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2983-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.39 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.39 Container Release : 21.39 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 08:53:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 09:53:40 +0100 (CET)
Subject: SUSE-CU-2022:2984-1: Recommended update of bci/golang
Message-ID: <20221115085340.58FDAFD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2984-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.81
Container Release : 30.81
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 08:56:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 09:56:20 +0100 (CET)
Subject: SUSE-CU-2022:2985-1: Recommended update of bci/golang
Message-ID: <20221115085620.A21CEFD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2985-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.81
Container Release : 29.81
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 08:58:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 09:58:34 +0100 (CET)
Subject: SUSE-CU-2022:2986-1: Recommended update of bci/golang
Message-ID: <20221115085834.0D815FD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2986-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-18.27
Container Release : 18.27
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 09:00:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:00:11 +0100 (CET)
Subject: SUSE-CU-2022:2987-1: Recommended update of bci/bci-init
Message-ID: <20221115090011.CBBC4FD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2987-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.26 , bci/bci-init:latest
Container Release : 24.26
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 09:00:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:00:40 +0100 (CET)
Subject: SUSE-CU-2022:2988-1: Recommended update of bci/bci-minimal
Message-ID: <20221115090040.5B2C7FD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2988-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.16.3 , bci/bci-minimal:latest
Container Release : 16.3
Severity : important
Type : recommended
References : 1203652
-----------------------------------------------------------------

The container bci/bci-minimal was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

The following package changes have been done:

- libz1-1.2.11-150000.3.36.1 updated

From sle-updates at lists.suse.com Tue Nov 15 09:02:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:02:28 +0100 (CET)
Subject: SUSE-CU-2022:2989-1: Recommended update of bci/nodejs
Message-ID: <20221115090228.C9F9BFD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2989-1
Container Tags : bci/node:14 , bci/node:14-35.24 , bci/nodejs:14 , bci/nodejs:14-35.24
Container Release : 35.24
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 09:03:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:03:29 +0100 (CET)
Subject: SUSE-CU-2022:2990-1: Recommended update of bci/nodejs
Message-ID: <20221115090329.8EC70FD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2990-1
Container Tags : bci/node:16 , bci/node:16-11.24 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.24 , bci/nodejs:latest
Container Release : 11.24
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 09:06:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:06:28 +0100 (CET)
Subject: SUSE-CU-2022:2991-1: Recommended update of bci/openjdk-devel
Message-ID: <20221115090628.B3D70FD9D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2991-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.55 , bci/openjdk-devel:latest
Container Release : 36.55
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:bci-openjdk-11-15.4-32.25 updated

From sle-updates at lists.suse.com Tue Nov 15 09:08:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:08:43 +0100 (CET)
Subject: SUSE-CU-2022:2992-1: Recommended update of bci/openjdk
Message-ID: <20221115090843.0A10DF37F@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2992-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-32.25 , bci/openjdk:latest
Container Release : 32.25
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 09:10:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:10:41 +0100 (CET)
Subject: SUSE-CU-2022:2993-1: Recommended update of suse/pcp
Message-ID: <20221115091041.11F8FF37F@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2993-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.62 , suse/pcp:latest
Container Release : 11.62
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- util-linux-systemd-2.37.2-150400.8.8.1 updated
- container:bci-bci-init-15.4-15.4-24.25 updated

From sle-updates at lists.suse.com Tue Nov 15 09:11:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 10:11:52 +0100 (CET)
Subject: SUSE-CU-2022:2994-1: Recommended update of bci/python
Message-ID: <20221115091152.63AF5F37F@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2994-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.24 , bci/python:latest
Container Release : 7.24
Severity : important
Type : recommended
References : 1201959 1203652 1204211
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- container:sles15-image-15.0.0-27.14.12 updated

From sle-updates at lists.suse.com Tue Nov 15 11:21:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 12:21:13 +0100 (CET)
Subject: SUSE-SU-2022:3977-1: moderate: Security update for python-Werkzeug
Message-ID: <20221115112113.B5118FD9D@maintenance.suse.de>

SUSE Security Update: Security update for python-Werkzeug
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3977-1
Rating: moderate
References: #1145383
Cross-References: CVE-2019-14806
CVSS scores:
  CVE-2019-14806 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2019-14806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Werkzeug fixes the following issues:

- CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers (bsc#1145383).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-3977=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

  python-Werkzeug-0.12.2-10.10.1
  python3-Werkzeug-0.12.2-10.10.1

References:

https://www.suse.com/security/cve/CVE-2019-14806.html
https://bugzilla.suse.com/1145383

From sle-updates at lists.suse.com Tue Nov 15 14:31:08 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 15:31:08 +0100 (CET)
Subject: SUSE-RU-2022:3980-1: important: Recommended update for util-linux
Message-ID: <20221115143108.6D506F3D4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for util-linux
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3980-1
Rating: important
References: #1081947 #1201354
Affected Products:
  SUSE Linux Enterprise Desktop 12-SP5
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for util-linux fixes the following issues:

- Integrate pam_keyinit PAM module (bsc#1201354, bsc#1081947)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:

  zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3980=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3980=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3980=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

  libuuid-devel-2.33.2-4.24.1
  util-linux-debuginfo-2.33.2-4.24.1
  util-linux-debugsource-2.33.2-4.24.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  libblkid-devel-2.33.2-4.24.1
  libmount-devel-2.33.2-4.24.1
  libsmartcols-devel-2.33.2-4.24.1
  libuuid-devel-2.33.2-4.24.1
  util-linux-debuginfo-2.33.2-4.24.1
  util-linux-debugsource-2.33.2-4.24.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  libblkid1-2.33.2-4.24.1
  libblkid1-debuginfo-2.33.2-4.24.1
  libfdisk1-2.33.2-4.24.1
  libfdisk1-debuginfo-2.33.2-4.24.1
  libmount1-2.33.2-4.24.1
  libmount1-debuginfo-2.33.2-4.24.1
  libsmartcols1-2.33.2-4.24.1
  libsmartcols1-debuginfo-2.33.2-4.24.1
  libuuid1-2.33.2-4.24.1
  libuuid1-debuginfo-2.33.2-4.24.1
  python-libmount-2.33.2-4.24.1
  python-libmount-debuginfo-2.33.2-4.24.1
  python-libmount-debugsource-2.33.2-4.24.1
  util-linux-2.33.2-4.24.1
  util-linux-debuginfo-2.33.2-4.24.1
  util-linux-debugsource-2.33.2-4.24.1
  util-linux-systemd-2.33.2-4.24.1
  util-linux-systemd-debuginfo-2.33.2-4.24.1
  util-linux-systemd-debugsource-2.33.2-4.24.1
  uuidd-2.33.2-4.24.1
  uuidd-debuginfo-2.33.2-4.24.1

- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

  libblkid1-32bit-2.33.2-4.24.1
  libblkid1-debuginfo-32bit-2.33.2-4.24.1
  libmount1-32bit-2.33.2-4.24.1
  libmount1-debuginfo-32bit-2.33.2-4.24.1
  libuuid1-32bit-2.33.2-4.24.1
  libuuid1-debuginfo-32bit-2.33.2-4.24.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  util-linux-lang-2.33.2-4.24.1

References:

https://bugzilla.suse.com/1081947
https://bugzilla.suse.com/1201354

From sle-updates at lists.suse.com Tue Nov 15 14:32:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 15:32:10 +0100 (CET)
Subject: SUSE-SU-2022:3981-1: moderate: Security update for bluez
Message-ID: <20221115143210.626BCF3D4@maintenance.suse.de>

SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3981-1
Rating: moderate
References: #1188859 #1192394
Cross-References: CVE-2021-3658 CVE-2021-43400
CVSS scores:
  CVE-2021-3658 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-3658 (SUSE): 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
  CVE-2021-43400 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  CVE-2021-43400 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Workstation Extension 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bluez fixes the following issues:

- CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394).
- CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-3981=1

- SUSE Linux Enterprise Workstation Extension 15-SP3:

  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3981=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3981=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3981=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  bluez-5.55-150300.3.14.1
  bluez-cups-5.55-150300.3.14.1
  bluez-cups-debuginfo-5.55-150300.3.14.1
  bluez-debuginfo-5.55-150300.3.14.1
  bluez-debugsource-5.55-150300.3.14.1
  bluez-deprecated-5.55-150300.3.14.1
  bluez-deprecated-debuginfo-5.55-150300.3.14.1
  bluez-devel-5.55-150300.3.14.1
  bluez-test-5.55-150300.3.14.1
  bluez-test-debuginfo-5.55-150300.3.14.1
  libbluetooth3-5.55-150300.3.14.1
  libbluetooth3-debuginfo-5.55-150300.3.14.1

- openSUSE Leap 15.3 (noarch):

  bluez-auto-enable-devices-5.55-150300.3.14.1

- openSUSE Leap 15.3 (x86_64):

  bluez-devel-32bit-5.55-150300.3.14.1
  libbluetooth3-32bit-5.55-150300.3.14.1
  libbluetooth3-32bit-debuginfo-5.55-150300.3.14.1

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

  bluez-cups-5.55-150300.3.14.1
  bluez-cups-debuginfo-5.55-150300.3.14.1
  bluez-debuginfo-5.55-150300.3.14.1
  bluez-debugsource-5.55-150300.3.14.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  bluez-debuginfo-5.55-150300.3.14.1
  bluez-debugsource-5.55-150300.3.14.1
  bluez-devel-5.55-150300.3.14.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  bluez-5.55-150300.3.14.1
  bluez-debuginfo-5.55-150300.3.14.1
  bluez-debugsource-5.55-150300.3.14.1
  bluez-deprecated-5.55-150300.3.14.1
  bluez-deprecated-debuginfo-5.55-150300.3.14.1
  libbluetooth3-5.55-150300.3.14.1
  libbluetooth3-debuginfo-5.55-150300.3.14.1

References:
https://www.suse.com/security/cve/CVE-2021-3658.html https://www.suse.com/security/cve/CVE-2021-43400.html https://bugzilla.suse.com/1188859 https://bugzilla.suse.com/1192394 From sle-updates at lists.suse.com Tue Nov 15 14:32:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 15:32:59 +0100 (CET) Subject: SUSE-SU-2022:3982-1: moderate: Security update for freerdp Message-ID: <20221115143259.619F5F3D4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3982-1 Rating: moderate References: #1204257 #1204258 Cross-References: CVE-2022-39282 CVE-2022-39283 CVSS scores: CVE-2022-39282 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39282 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-39283 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39283 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. 
(bsc#1204257) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3982=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3982=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3982=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): freerdp-2.1.2-150200.15.21.1 freerdp-debuginfo-2.1.2-150200.15.21.1 freerdp-debugsource-2.1.2-150200.15.21.1 freerdp-devel-2.1.2-150200.15.21.1 freerdp-proxy-2.1.2-150200.15.21.1 freerdp-proxy-debuginfo-2.1.2-150200.15.21.1 freerdp-server-2.1.2-150200.15.21.1 freerdp-server-debuginfo-2.1.2-150200.15.21.1 freerdp-wayland-2.1.2-150200.15.21.1 freerdp-wayland-debuginfo-2.1.2-150200.15.21.1 libfreerdp2-2.1.2-150200.15.21.1 libfreerdp2-debuginfo-2.1.2-150200.15.21.1 libuwac0-0-2.1.2-150200.15.21.1 libuwac0-0-debuginfo-2.1.2-150200.15.21.1 libwinpr2-2.1.2-150200.15.21.1 libwinpr2-debuginfo-2.1.2-150200.15.21.1 uwac0-0-devel-2.1.2-150200.15.21.1 winpr2-devel-2.1.2-150200.15.21.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): freerdp-2.1.2-150200.15.21.1 freerdp-debuginfo-2.1.2-150200.15.21.1 freerdp-debugsource-2.1.2-150200.15.21.1 freerdp-devel-2.1.2-150200.15.21.1 freerdp-proxy-2.1.2-150200.15.21.1 freerdp-proxy-debuginfo-2.1.2-150200.15.21.1 libfreerdp2-2.1.2-150200.15.21.1 libfreerdp2-debuginfo-2.1.2-150200.15.21.1 libwinpr2-2.1.2-150200.15.21.1 libwinpr2-debuginfo-2.1.2-150200.15.21.1 winpr2-devel-2.1.2-150200.15.21.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): freerdp-2.1.2-150200.15.21.1 freerdp-debuginfo-2.1.2-150200.15.21.1 freerdp-debugsource-2.1.2-150200.15.21.1 freerdp-devel-2.1.2-150200.15.21.1 
freerdp-proxy-2.1.2-150200.15.21.1 freerdp-proxy-debuginfo-2.1.2-150200.15.21.1 libfreerdp2-2.1.2-150200.15.21.1 libfreerdp2-debuginfo-2.1.2-150200.15.21.1 libwinpr2-2.1.2-150200.15.21.1 libwinpr2-debuginfo-2.1.2-150200.15.21.1 winpr2-devel-2.1.2-150200.15.21.1 References: https://www.suse.com/security/cve/CVE-2022-39282.html https://www.suse.com/security/cve/CVE-2022-39283.html https://bugzilla.suse.com/1204257 https://bugzilla.suse.com/1204258 From sle-updates at lists.suse.com Tue Nov 15 14:33:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 15:33:45 +0100 (CET) Subject: SUSE-SU-2022:3983-1: moderate: Security update for freerdp Message-ID: <20221115143345.9D6F3F3D4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3983-1 Rating: moderate References: #1204257 #1204258 Cross-References: CVE-2022-39282 CVE-2022-39283 CVSS scores: CVE-2022-39282 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39282 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-39283 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39283 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3983=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3983=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3983=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): freerdp-2.4.0-150400.3.9.1 freerdp-debuginfo-2.4.0-150400.3.9.1 freerdp-debugsource-2.4.0-150400.3.9.1 freerdp-devel-2.4.0-150400.3.9.1 freerdp-proxy-2.4.0-150400.3.9.1 freerdp-proxy-debuginfo-2.4.0-150400.3.9.1 freerdp-server-2.4.0-150400.3.9.1 freerdp-server-debuginfo-2.4.0-150400.3.9.1 freerdp-wayland-2.4.0-150400.3.9.1 freerdp-wayland-debuginfo-2.4.0-150400.3.9.1 libfreerdp2-2.4.0-150400.3.9.1 libfreerdp2-debuginfo-2.4.0-150400.3.9.1 libuwac0-0-2.4.0-150400.3.9.1 libuwac0-0-debuginfo-2.4.0-150400.3.9.1 libwinpr2-2.4.0-150400.3.9.1 libwinpr2-debuginfo-2.4.0-150400.3.9.1 uwac0-0-devel-2.4.0-150400.3.9.1 winpr2-devel-2.4.0-150400.3.9.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): freerdp-2.4.0-150400.3.9.1 freerdp-debuginfo-2.4.0-150400.3.9.1 freerdp-debugsource-2.4.0-150400.3.9.1 freerdp-devel-2.4.0-150400.3.9.1 freerdp-proxy-2.4.0-150400.3.9.1 freerdp-proxy-debuginfo-2.4.0-150400.3.9.1 libfreerdp2-2.4.0-150400.3.9.1 libfreerdp2-debuginfo-2.4.0-150400.3.9.1 libwinpr2-2.4.0-150400.3.9.1 libwinpr2-debuginfo-2.4.0-150400.3.9.1 winpr2-devel-2.4.0-150400.3.9.1 - SUSE Linux Enterprise Module for Packagehub 
Subpackages 15-SP4 (aarch64 ppc64le s390x): freerdp-2.4.0-150400.3.9.1 freerdp-debuginfo-2.4.0-150400.3.9.1 freerdp-debugsource-2.4.0-150400.3.9.1 freerdp-devel-2.4.0-150400.3.9.1 freerdp-proxy-2.4.0-150400.3.9.1 freerdp-proxy-debuginfo-2.4.0-150400.3.9.1 libfreerdp2-2.4.0-150400.3.9.1 libfreerdp2-debuginfo-2.4.0-150400.3.9.1 libwinpr2-2.4.0-150400.3.9.1 libwinpr2-debuginfo-2.4.0-150400.3.9.1 winpr2-devel-2.4.0-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-39282.html https://www.suse.com/security/cve/CVE-2022-39283.html https://bugzilla.suse.com/1204257 https://bugzilla.suse.com/1204258 From sle-updates at lists.suse.com Tue Nov 15 14:34:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 15:34:42 +0100 (CET) Subject: SUSE-SU-2022:3979-1: moderate: Security update for python-Mako Message-ID: <20221115143442.40E99F3D4@maintenance.suse.de> SUSE Security Update: Security update for python-Mako ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3979-1 Rating: moderate References: #1203246 Cross-References: CVE-2022-40023 CVSS scores: CVE-2022-40023 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40023 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager 
Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3979=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3979=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3979=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3979=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3979=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3979=1 Package List: - openSUSE Leap 15.4 (noarch): python3-Mako-1.0.7-150000.3.3.1 - openSUSE Leap 15.3 (noarch): python2-Mako-1.0.7-150000.3.3.1 python3-Mako-1.0.7-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-Mako-1.0.7-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-Mako-1.0.7-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-Mako-1.0.7-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Mako-1.0.7-150000.3.3.1 References: 
https://www.suse.com/security/cve/CVE-2022-40023.html https://bugzilla.suse.com/1203246 From sle-updates at lists.suse.com Tue Nov 15 14:35:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 15:35:33 +0100 (CET) Subject: SUSE-SU-2022:3984-1: moderate: Security update for freerdp Message-ID: <20221115143533.F1E02F3D4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3984-1 Rating: moderate References: #1204257 #1204258 Cross-References: CVE-2022-39282 CVE-2022-39283 CVSS scores: CVE-2022-39282 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39282 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-39283 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39283 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3984=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3984=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.29.1 freerdp-debuginfo-2.1.2-12.29.1 freerdp-debugsource-2.1.2-12.29.1 freerdp-proxy-2.1.2-12.29.1 freerdp-server-2.1.2-12.29.1 libfreerdp2-2.1.2-12.29.1 libfreerdp2-debuginfo-2.1.2-12.29.1 libwinpr2-2.1.2-12.29.1 libwinpr2-debuginfo-2.1.2-12.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.29.1 freerdp-debugsource-2.1.2-12.29.1 freerdp-devel-2.1.2-12.29.1 libfreerdp2-2.1.2-12.29.1 libfreerdp2-debuginfo-2.1.2-12.29.1 libwinpr2-2.1.2-12.29.1 libwinpr2-debuginfo-2.1.2-12.29.1 winpr2-devel-2.1.2-12.29.1 References: https://www.suse.com/security/cve/CVE-2022-39282.html https://www.suse.com/security/cve/CVE-2022-39283.html https://bugzilla.suse.com/1204257 https://bugzilla.suse.com/1204258 From sle-updates at lists.suse.com Tue Nov 15 14:36:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 15:36:18 +0100 (CET) Subject: SUSE-RU-2022:3978-1: moderate: Security update for rpmlint-mini Message-ID: <20221115143618.4EC01F3D4@maintenance.suse.de> SUSE Recommended Update: Security update for rpmlint-mini ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3978-1 Rating: moderate References: #1201207 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 
openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpmlint-mini fixes the following issues: - NetworkManager: update nm-priv-helper whitelisting (bsc#1201207) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3978=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3978=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150400.23.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150400.23.4.1 rpmlint-mini-debuginfo-1.10-150400.23.4.1 rpmlint-mini-debugsource-1.10-150400.23.4.1 References: https://bugzilla.suse.com/1201207 From sle-updates at lists.suse.com Tue Nov 15 17:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 18:20:43 +0100 (CET) Subject: SUSE-RU-2022:3985-1: moderate: Recommended update for python-apipkg Message-ID: <20221115172043.A8CA1F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-apipkg ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3985-1 Rating: moderate References: #1204145 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 
15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3-apipkg fixes the following issues: Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3985=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3985=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3985=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3985=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3985=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3985=1 Package List: - openSUSE Leap 15.4 (noarch): python3-apipkg-1.4-150000.3.4.1 python3-iniconfig-1.1.1-150000.1.9.1 - openSUSE Leap 15.3 (noarch): python2-apipkg-1.4-150000.3.4.1 python2-iniconfig-1.1.1-150000.1.9.1 python3-apipkg-1.4-150000.3.4.1 python3-iniconfig-1.1.1-150000.1.9.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-apipkg-1.4-150000.3.4.1 python2-iniconfig-1.1.1-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-apipkg-1.4-150000.3.4.1 python3-iniconfig-1.1.1-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 
(noarch): python3-apipkg-1.4-150000.3.4.1 python3-iniconfig-1.1.1-150000.1.9.1 - SUSE Linux Enterprise Micro 5.3 (noarch): python3-apipkg-1.4-150000.3.4.1 python3-iniconfig-1.1.1-150000.1.9.1 References: https://bugzilla.suse.com/1204145 From sle-updates at lists.suse.com Tue Nov 15 17:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 18:21:40 +0100 (CET) Subject: SUSE-SU-2022:3986-1: moderate: Security update for libX11 Message-ID: <20221115172140.6F02BF3D4@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3986-1 Rating: moderate References: #1204422 #1204425 Cross-References: CVE-2022-3554 CVE-2022-3555 CVSS scores: CVE-2022-3554 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3554 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3555 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3555 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update 
that fixes two vulnerabilities is now available. Description: This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3986=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3986=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3986=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3986=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3986=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap Micro 5.2 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.4 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-devel-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - 
openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - openSUSE Leap 15.3 (noarch): libX11-data-1.6.5-150000.3.24.1 - openSUSE Leap 15.3 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-devel-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-devel-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libX11-6-32bit-1.6.5-150000.3.24.1 libX11-6-32bit-debuginfo-1.6.5-150000.3.24.1 libX11-xcb1-32bit-1.6.5-150000.3.24.1 libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 
libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.3 (noarch): libX11-data-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libX11-6-1.6.5-150000.3.24.1 libX11-6-debuginfo-1.6.5-150000.3.24.1 libX11-debugsource-1.6.5-150000.3.24.1 libX11-xcb1-1.6.5-150000.3.24.1 libX11-xcb1-debuginfo-1.6.5-150000.3.24.1 - SUSE Linux Enterprise Micro 5.2 (noarch): libX11-data-1.6.5-150000.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-3554.html https://www.suse.com/security/cve/CVE-2022-3555.html https://bugzilla.suse.com/1204422 https://bugzilla.suse.com/1204425 From sle-updates at lists.suse.com Tue Nov 15 17:22:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 18:22:31 +0100 (CET) Subject: SUSE-SU-2022:3989-1: important: Security update for nodejs12 Message-ID: <20221115172231.50F76F3D4@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3989-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3989=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-1.57.1 nodejs12-debuginfo-12.22.12-1.57.1 nodejs12-debugsource-12.22.12-1.57.1 nodejs12-devel-12.22.12-1.57.1 npm12-12.22.12-1.57.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.12-1.57.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Tue Nov 15 17:23:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 18:23:18 +0100 (CET) Subject: SUSE-SU-2022:3991-1: moderate: Security update for dhcp Message-ID: <20221115172318.B8DACF3D4@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3991-1 Rating: moderate References: #1203988 #1203989 Cross-References: CVE-2022-2928 CVE-2022-2929 CVSS scores: CVE-2022-2928 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2928 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2929 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2929 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance 
Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3991=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3991=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3991=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3991=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3991=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3991=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    dhcp-4.3.6.P1-150000.6.17.1
    dhcp-client-4.3.6.P1-150000.6.17.1
    dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-devel-4.3.6.P1-150000.6.17.1
    dhcp-doc-4.3.6.P1-150000.6.17.1
    dhcp-relay-4.3.6.P1-150000.6.17.1
    dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-server-4.3.6.P1-150000.6.17.1
    dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    dhcp-4.3.6.P1-150000.6.17.1
    dhcp-client-4.3.6.P1-150000.6.17.1
    dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-devel-4.3.6.P1-150000.6.17.1
    dhcp-doc-4.3.6.P1-150000.6.17.1
    dhcp-relay-4.3.6.P1-150000.6.17.1
    dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-server-4.3.6.P1-150000.6.17.1
    dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-relay-4.3.6.P1-150000.6.17.1
    dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-server-4.3.6.P1-150000.6.17.1
    dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-relay-4.3.6.P1-150000.6.17.1
    dhcp-relay-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-server-4.3.6.P1-150000.6.17.1
    dhcp-server-debuginfo-4.3.6.P1-150000.6.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    dhcp-4.3.6.P1-150000.6.17.1
    dhcp-client-4.3.6.P1-150000.6.17.1
    dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-devel-4.3.6.P1-150000.6.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    dhcp-4.3.6.P1-150000.6.17.1
    dhcp-client-4.3.6.P1-150000.6.17.1
    dhcp-client-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debuginfo-4.3.6.P1-150000.6.17.1
    dhcp-debugsource-4.3.6.P1-150000.6.17.1
    dhcp-devel-4.3.6.P1-150000.6.17.1

References:

https://www.suse.com/security/cve/CVE-2022-2928.html
https://www.suse.com/security/cve/CVE-2022-2929.html
https://bugzilla.suse.com/1203988
https://bugzilla.suse.com/1203989

From sle-updates at lists.suse.com Tue Nov 15 17:24:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 18:24:15 +0100 (CET)
Subject: SUSE-SU-2022:3990-1: moderate: Security update for LibVNCServer
Message-ID: <20221115172415.C7C1EF3D4@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3990-1
Rating: moderate
References: #1203106
Cross-References: CVE-2020-29260
CVSS scores:
    CVE-2020-29260 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-29260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Linux Enterprise Workstation Extension 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for LibVNCServer fixes the following issues:

- CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3990=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3990=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3990=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3990=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3990=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libvncclient0-0.9.10-150000.4.29.1
    libvncclient0-debuginfo-0.9.10-150000.4.29.1
    libvncserver0-0.9.10-150000.4.29.1
    libvncserver0-debuginfo-0.9.10-150000.4.29.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    LibVNCServer-debugsource-0.9.10-150000.4.29.1
    LibVNCServer-devel-0.9.10-150000.4.29.1
    libvncclient0-0.9.10-150000.4.29.1
    libvncclient0-debuginfo-0.9.10-150000.4.29.1
    libvncserver0-0.9.10-150000.4.29.1
    libvncserver0-debuginfo-0.9.10-150000.4.29.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
    LibVNCServer-debugsource-0.9.10-150000.4.29.1
    libvncclient0-0.9.10-150000.4.29.1
    libvncclient0-debuginfo-0.9.10-150000.4.29.1
    libvncserver0-0.9.10-150000.4.29.1
    libvncserver0-debuginfo-0.9.10-150000.4.29.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
    LibVNCServer-debugsource-0.9.10-150000.4.29.1
    libvncserver0-0.9.10-150000.4.29.1
    libvncserver0-debuginfo-0.9.10-150000.4.29.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
    LibVNCServer-debugsource-0.9.10-150000.4.29.1
    libvncserver0-0.9.10-150000.4.29.1
    libvncserver0-debuginfo-0.9.10-150000.4.29.1

References:

https://www.suse.com/security/cve/CVE-2020-29260.html
https://bugzilla.suse.com/1203106

From sle-updates at lists.suse.com Tue Nov 15 17:24:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 18:24:59 +0100 (CET)
Subject: SUSE-SU-2022:3992-1: moderate: Security update for dhcp
Message-ID: <20221115172459.32633F3D4@maintenance.suse.de>

SUSE Security Update: Security update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3992-1
Rating: moderate
References: #1203988 #1203989
Cross-References: CVE-2022-2928 CVE-2022-2929
CVSS scores:
    CVE-2022-2928 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-2928 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-2929 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-2929 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for dhcp fixes the following issues:

- CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988).
- CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3992=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3992=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    dhcp-debuginfo-4.3.3-10.28.1
    dhcp-debugsource-4.3.3-10.28.1
    dhcp-devel-4.3.3-10.28.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    dhcp-4.3.3-10.28.1
    dhcp-client-4.3.3-10.28.1
    dhcp-client-debuginfo-4.3.3-10.28.1
    dhcp-debuginfo-4.3.3-10.28.1
    dhcp-debugsource-4.3.3-10.28.1
    dhcp-relay-4.3.3-10.28.1
    dhcp-relay-debuginfo-4.3.3-10.28.1
    dhcp-server-4.3.3-10.28.1
    dhcp-server-debuginfo-4.3.3-10.28.1

References:

https://www.suse.com/security/cve/CVE-2022-2928.html
https://www.suse.com/security/cve/CVE-2022-2929.html
https://bugzilla.suse.com/1203988
https://bugzilla.suse.com/1203989

From sle-updates at lists.suse.com Tue Nov 15 17:25:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 18:25:46 +0100 (CET)
Subject: SUSE-SU-2022:3987-1: moderate: Security update for libX11
Message-ID: <20221115172546.51B1DF3D4@maintenance.suse.de>

SUSE Security Update: Security update for libX11
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3987-1
Rating: moderate
References: #1204422 #1204425
Cross-References: CVE-2022-3554 CVE-2022-3555
CVSS scores:
    CVE-2022-3554 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3554 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3555 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3555 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for libX11 fixes the following issues:

- CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422).
- CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3987=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3987=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libX11-debugsource-1.6.2-12.24.1
    libX11-devel-1.6.2-12.24.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libX11-6-1.6.2-12.24.1
    libX11-6-debuginfo-1.6.2-12.24.1
    libX11-debugsource-1.6.2-12.24.1
    libX11-xcb1-1.6.2-12.24.1
    libX11-xcb1-debuginfo-1.6.2-12.24.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    libX11-6-32bit-1.6.2-12.24.1
    libX11-6-debuginfo-32bit-1.6.2-12.24.1
    libX11-xcb1-32bit-1.6.2-12.24.1
    libX11-xcb1-debuginfo-32bit-1.6.2-12.24.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
    libX11-data-1.6.2-12.24.1

References:

https://www.suse.com/security/cve/CVE-2022-3554.html
https://www.suse.com/security/cve/CVE-2022-3555.html
https://bugzilla.suse.com/1204422
https://bugzilla.suse.com/1204425

From sle-updates at lists.suse.com Tue Nov 15 20:19:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:19:57 +0100 (CET)
Subject: SUSE-RU-2022:3994-1: critical: Recommended update for SUSE Manager Server 4.3
Message-ID: <20221115201957.31D54F3D4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Server 4.3
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3994-1
Rating: critical
References: #1203478

Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
    SUSE Manager Server 4.3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for SUSE Manager Server 4.3 fixes the following issues:

cobbler:

- Fix problem for the migration of "autoinstall" collection attribute.
- Update v2 to v3 migration script to allow migration of collections that contain settings from Cobbler 2 (bsc#1203478)

spacewalk-setup:

- Version 4.3.14-1
  * Fix possible wrong autoinstall value from Cobbler collections (bsc#1203478)
- Version 4.3.13-1
  * Execute migration of Cobbler version 2 collections (bsc#1203478)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3994=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
    cobbler-3.3.3-150400.5.14.1
    spacewalk-setup-4.3.14-150400.3.15.1

References:

https://bugzilla.suse.com/1203478

From sle-updates at lists.suse.com Tue Nov 15 20:20:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:20:35 +0100 (CET)
Subject: SUSE-SU-2022:3999-1: moderate: Security update for systemd
Message-ID: <20221115202035.EFB0CF3D4@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3999-1
Rating: moderate
References: #1204179 #1204968
Cross-References: CVE-2022-3821
CVSS scores:
    CVE-2022-3821 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3821 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make "sle15-sp3" net naming scheme still available for backward compatibility reasons

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3999=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3999=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2022-3999=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libsystemd0-249.12-150400.8.13.1
    libsystemd0-debuginfo-249.12-150400.8.13.1
    libudev1-249.12-150400.8.13.1
    libudev1-debuginfo-249.12-150400.8.13.1
    nss-myhostname-249.12-150400.8.13.1
    nss-myhostname-debuginfo-249.12-150400.8.13.1
    nss-systemd-249.12-150400.8.13.1
    nss-systemd-debuginfo-249.12-150400.8.13.1
    systemd-249.12-150400.8.13.1
    systemd-container-249.12-150400.8.13.1
    systemd-container-debuginfo-249.12-150400.8.13.1
    systemd-coredump-249.12-150400.8.13.1
    systemd-coredump-debuginfo-249.12-150400.8.13.1
    systemd-debuginfo-249.12-150400.8.13.1
    systemd-debugsource-249.12-150400.8.13.1
    systemd-devel-249.12-150400.8.13.1
    systemd-doc-249.12-150400.8.13.1
    systemd-experimental-249.12-150400.8.13.1
    systemd-experimental-debuginfo-249.12-150400.8.13.1
    systemd-journal-remote-249.12-150400.8.13.1
    systemd-journal-remote-debuginfo-249.12-150400.8.13.1
    systemd-network-249.12-150400.8.13.1
    systemd-network-debuginfo-249.12-150400.8.13.1
    systemd-portable-249.12-150400.8.13.1
    systemd-portable-debuginfo-249.12-150400.8.13.1
    systemd-sysvinit-249.12-150400.8.13.1
    systemd-testsuite-249.12-150400.8.13.1
    systemd-testsuite-debuginfo-249.12-150400.8.13.1
    udev-249.12-150400.8.13.1
    udev-debuginfo-249.12-150400.8.13.1
- openSUSE Leap 15.4 (noarch):
    systemd-lang-249.12-150400.8.13.1
- openSUSE Leap 15.4 (x86_64):
    libsystemd0-32bit-249.12-150400.8.13.1
    libsystemd0-32bit-debuginfo-249.12-150400.8.13.1
    libudev1-32bit-249.12-150400.8.13.1
    libudev1-32bit-debuginfo-249.12-150400.8.13.1
    nss-myhostname-32bit-249.12-150400.8.13.1
    nss-myhostname-32bit-debuginfo-249.12-150400.8.13.1
    systemd-32bit-249.12-150400.8.13.1
    systemd-32bit-debuginfo-249.12-150400.8.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libsystemd0-249.12-150400.8.13.1
    libsystemd0-debuginfo-249.12-150400.8.13.1
    libudev1-249.12-150400.8.13.1
    libudev1-debuginfo-249.12-150400.8.13.1
    systemd-249.12-150400.8.13.1
    systemd-container-249.12-150400.8.13.1
    systemd-container-debuginfo-249.12-150400.8.13.1
    systemd-coredump-249.12-150400.8.13.1
    systemd-coredump-debuginfo-249.12-150400.8.13.1
    systemd-debuginfo-249.12-150400.8.13.1
    systemd-debugsource-249.12-150400.8.13.1
    systemd-devel-249.12-150400.8.13.1
    systemd-doc-249.12-150400.8.13.1
    systemd-sysvinit-249.12-150400.8.13.1
    udev-249.12-150400.8.13.1
    udev-debuginfo-249.12-150400.8.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    systemd-lang-249.12-150400.8.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libsystemd0-32bit-249.12-150400.8.13.1
    libsystemd0-32bit-debuginfo-249.12-150400.8.13.1
    libudev1-32bit-249.12-150400.8.13.1
    libudev1-32bit-debuginfo-249.12-150400.8.13.1
    systemd-32bit-249.12-150400.8.13.1
    systemd-32bit-debuginfo-249.12-150400.8.13.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    libsystemd0-249.12-150400.8.13.1
    libsystemd0-debuginfo-249.12-150400.8.13.1
    libudev1-249.12-150400.8.13.1
    libudev1-debuginfo-249.12-150400.8.13.1
    systemd-249.12-150400.8.13.1
    systemd-container-249.12-150400.8.13.1
    systemd-container-debuginfo-249.12-150400.8.13.1
    systemd-debuginfo-249.12-150400.8.13.1
    systemd-debugsource-249.12-150400.8.13.1
    systemd-journal-remote-249.12-150400.8.13.1
    systemd-journal-remote-debuginfo-249.12-150400.8.13.1
    systemd-sysvinit-249.12-150400.8.13.1
    udev-249.12-150400.8.13.1
    udev-debuginfo-249.12-150400.8.13.1

References:

https://www.suse.com/security/cve/CVE-2022-3821.html
https://bugzilla.suse.com/1204179
https://bugzilla.suse.com/1204968

From sle-updates at lists.suse.com Tue Nov 15 20:21:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:21:56 +0100 (CET)
Subject: SUSE-SU-2022:3998-1: important: Security update for the Linux Kernel
Message-ID: <20221115202156.F4009F3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3998-1
Rating: important
References: #1065729 #1071995 #1152472 #1152489 #1188238 #1194869 #1196018 #1196632
    #1199904 #1200567 #1200692 #1200788 #1202187 #1202686 #1202700 #1202914
    #1203098 #1203229 #1203290 #1203435 #1203514 #1203699 #1203701 #1203767
    #1203770 #1203802 #1203922 #1203979 #1204017 #1204051 #1204059 #1204060
    #1204125 #1204142 #1204166 #1204168 #1204171 #1204241 #1204353 #1204354
    #1204355 #1204402 #1204413 #1204415 #1204417 #1204428 #1204431 #1204439
    #1204470 #1204479 #1204498 #1204533 #1204569 #1204574 #1204575 #1204619
    #1204635 #1204637 #1204646 #1204647 #1204650 #1204653 #1204693 #1204705
    #1204719 #1204728 #1204753 #1204868 #1204926 #1204933 #1204934 #1204947
    #1204957 #1204963 #1204970 PED-1082 PED-1084 PED-1085 PED-1096 PED-1211
    PED-1649 PED-634 PED-676 PED-678 PED-679 PED-707 PED-732 PED-813 PED-817
    PED-822 PED-825 PED-833 PED-842 PED-846 PED-850 PED-851 PED-856 PED-857
    SLE-13847 SLE-9246
Cross-References: CVE-2022-1882 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964
    CVE-2022-2978 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435
    CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542
    CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594
    CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629
    CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-40476
    CVE-2022-40768 CVE-2022-41674 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720
    CVE-2022-42721 CVE-2022-42722 CVE-2022-43750
CVSS scores:
    CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
    CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
    CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3526 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3619 (NVD) : 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3619 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3633 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3633 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-40476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-40476 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Public Cloud 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 37 vulnerabilities, contains 25 features and has 38 fixes is now available.

Description:

The SUSE Linux Enterprise 15-SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
- CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3619: Fixed memory leak in l2cap_recv_acldata() in net/bluetooth/l2cap_core.c of the component (bnc#1204569).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3633: Fixed memory leak in j1939_session_destroy() in net/can/j1939/transport.c (bnc#1204650).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes).
- ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes).
- ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes).
- ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699).
- ALSA: hda: cs35l41: Support System Suspend (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699).
- ALSA: hiface: fix repeated words in comments (git-fixes).
- ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes).
- ALSA: line6: remove line6_set_raw declaration (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
- ALSA: scarlett2: Add support for the internal "standalone" switch (git-fixes).
- ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
- ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
- ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
- ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix last interface check for registration (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
- ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). 
- ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). 
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drop verbose nvme logging feature (bsc#1200567). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes). - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390x: fix SCK locking (git-fixes). 
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). 
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/qedr: Fix 
potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Revert "workqueue: remove unused cancel_work()" (bsc#1204933). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). 
- arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - build mlx in arm64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. Change mlx4, mlx5 and mlxfw from built-in to module. - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). 
- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). 
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). 
- dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). 
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commit in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). 
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). 
- dyndbg: let query-modname override actual module name (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). 
- i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). 
- iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - increase NR_CPUS on azure and follow kernel-default (bsc#1203979) - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). 
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). 
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). 
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
- mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
- mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
- mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
- net/ice: fix initializing the bitmap in the switch code (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
- net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
- net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
- net/mlx5e: Update netdev features after changing XDP state (git-fixes).
- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
- net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
- net: atlantic: fix aq_vec index out of range error (git-fixes).
- net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
- net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
- net: bgmac: support MDIO described in DT (git-fixes).
- net: bonding: fix possible NULL deref in rlb code (git-fixes).
- net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
- net: dp83822: disable false carrier interrupt (git-fixes).
- net: dp83822: disable rx error interrupt (git-fixes).
- net: dsa: bcm_sf2: force pause link settings (git-fixes).
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
- net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
- net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
- net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
- net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
- net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
- net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
- net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
- net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
- net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
- net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
- net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
- net: hns3: do not push link state to VF if unalive (git-fixes).
- net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
- net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: ipa: do not assume SMEM is page-aligned (git-fixes).
- net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes).
- net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes).
- net: moxa: pass pdev instead of ndev to DMA functions (git-fixes).
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes).
- net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes).
- net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes).
- net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes).
- net: stmmac: fix dma queue left shift overflow issue (git-fixes).
- net: stmmac: fix leaks in probe (git-fixes).
- net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes).
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes).
- net: stmmac: remove redunctant disable xPCS EEE call (git-fixes).
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes).
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes).
- netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes).
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes).
- nvme: do not print verbose errors for internal passthrough requests (bsc#1202187).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- octeontx2-af: Apply tx nibble fixup always (git-fixes).
- octeontx2-af: Fix key checking for source mac (git-fixes).
- octeontx2-af: Fix mcam entry resource leak (git-fixes).
- octeontx2-af: suppress external profile loading warning (git-fixes).
- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes).
- octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes).
- octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- overflow.h: restore __ab_c_size (git-fixes).
- overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211).
- phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: Ingenic: JZ4755 bug fixes (git-fixes).
- pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676).
- pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634).
- pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes).
- platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes).
- platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes).
- platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes).
- platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes).
- platform/chrome: fix memory corruption in ioctl (git-fixes).
- platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- plip: avoid rcu debug splat (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176).
- powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176).
- powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176).
- powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176).
- powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176).
- powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176).
- powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176).
- powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
- powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176).
- powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
- powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
  Update config files.
- powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- regulator: core: Prevent integer underflow (git-fixes).
- remoteproc: imx_rproc: Simplify some error message (git-fixes).
- remove unused CONFIG_MAXSMP from arm64/azure
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes).
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/smp: enforce lowcore protection on CPU restart (git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914).
- scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707).
- scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732).
- selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes).
- selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
- selftests/pidfd_test: Remove the erroneous ',' (git-fixes).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes).
- selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes).
- selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes).
- selinux: use "grep -E" instead of "egrep" (git-fixes).
- serial: 8250: Fix restoring termios speed after suspend (git-fixes).
- serial: core: move RS485 configuration tasks from drivers into core (git-fixes).
- sfc: disable softirqs for ptp TX (git-fixes).
- sfc: fix kernel panic when creating VF (git-fixes).
- sfc: fix use after free when disabling sriov (git-fixes).
- signal: break out of wait loops on kthread_stop() (bsc#1204926).
- slimbus: qcom-ngd: cleanup in probe error path (git-fixes).
- slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes).
- soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi: sram: Fix probe function ordering issues (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes).
- soundwire: intel: fix error handling on dai registration issues (git-fixes).
- spi: Ensure that sg_table won't be used after being freed (git-fixes).
- spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732).
- spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes).
- spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes).
- stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes).
- thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes).
- thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes).
- thermal: int340x: Mode setting with new OS handshake (jsc#PED-678).
- thermal: int340x: Update OS policy capability handshake (jsc#PED-678).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes).
- thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes).
- thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634).
- thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes).
- thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes).
- thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes).
- thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes).
- tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes).
- tracing: Add "(fault)" name injection to kernel probes (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix reading strings from synthetic events (git-fixes).
- tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes).
- tracing: Replace deprecated CPU-hotplug functions (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).
- tracing: kprobe: Make gen test module work in arm and riscv (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb/hcd: Fix dma_map_sg error check (git-fixes).
- usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes).
- usb: common: debug: Check non-standard control requests (git-fixes).
- usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: ehci: Fix a function name in comments (git-fixes).
- usb: gadget: bdc: fix typo in comment (git-fixes).
- usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci-plat: suspend and resume clocks (git-fixes).
- usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: mtu3: fix failed runtime suspend in host only mode (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- usb: typec: tcpm: fix typo in comment (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- virt: vbox: convert to use dev_groups (git-fixes).
- vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes).
- vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes).
- watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes).
- wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes).
- wifi: mac80211: fix probe req HE capabilities access (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes).
- x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970).
- x86/boot: Fix the setup data types max limit (bsc#1204970).
- x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970).
- x86/sev: Annotate stack change in the #VC handler (bsc#1204970).
- x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970).
- x86/sev: Remove duplicated assignment to variable info (bsc#1204970).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes).
- xhci: Add quirk to reset host back to default state at shutdown (git-fixes).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
- xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3998=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3998=1

Package List:

- openSUSE Leap 15.4 (aarch64 x86_64):
  cluster-md-kmp-azure-5.14.21-150400.14.21.2
  cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.21.2
  dlm-kmp-azure-5.14.21-150400.14.21.2
  dlm-kmp-azure-debuginfo-5.14.21-150400.14.21.2
  gfs2-kmp-azure-5.14.21-150400.14.21.2
  gfs2-kmp-azure-debuginfo-5.14.21-150400.14.21.2
  kernel-azure-5.14.21-150400.14.21.2
  kernel-azure-debuginfo-5.14.21-150400.14.21.2
  kernel-azure-debugsource-5.14.21-150400.14.21.2
  kernel-azure-devel-5.14.21-150400.14.21.2
  kernel-azure-devel-debuginfo-5.14.21-150400.14.21.2
  kernel-azure-extra-5.14.21-150400.14.21.2
  kernel-azure-extra-debuginfo-5.14.21-150400.14.21.2
  kernel-azure-livepatch-devel-5.14.21-150400.14.21.2
  kernel-azure-optional-5.14.21-150400.14.21.2
  kernel-azure-optional-debuginfo-5.14.21-150400.14.21.2
  kernel-syms-azure-5.14.21-150400.14.21.1
  kselftests-kmp-azure-5.14.21-150400.14.21.2
  kselftests-kmp-azure-debuginfo-5.14.21-150400.14.21.2
  ocfs2-kmp-azure-5.14.21-150400.14.21.2
  ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.21.2
  reiserfs-kmp-azure-5.14.21-150400.14.21.2
  reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.21.2
- openSUSE Leap 15.4 (noarch):
  kernel-devel-azure-5.14.21-150400.14.21.1
  kernel-source-azure-5.14.21-150400.14.21.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
  kernel-azure-5.14.21-150400.14.21.2
  kernel-azure-debuginfo-5.14.21-150400.14.21.2
  kernel-azure-debugsource-5.14.21-150400.14.21.2
  kernel-azure-devel-5.14.21-150400.14.21.2
  kernel-azure-devel-debuginfo-5.14.21-150400.14.21.2
  kernel-syms-azure-5.14.21-150400.14.21.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
  kernel-devel-azure-5.14.21-150400.14.21.1
  kernel-source-azure-5.14.21-150400.14.21.1

References:

https://www.suse.com/security/cve/CVE-2022-1882.html
https://www.suse.com/security/cve/CVE-2022-2153.html
https://www.suse.com/security/cve/CVE-2022-28748.html
https://www.suse.com/security/cve/CVE-2022-2964.html
https://www.suse.com/security/cve/CVE-2022-2978.html
https://www.suse.com/security/cve/CVE-2022-3169.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-3424.html
https://www.suse.com/security/cve/CVE-2022-3435.html
https://www.suse.com/security/cve/CVE-2022-3521.html
https://www.suse.com/security/cve/CVE-2022-3524.html
https://www.suse.com/security/cve/CVE-2022-3526.html
https://www.suse.com/security/cve/CVE-2022-3535.html
https://www.suse.com/security/cve/CVE-2022-3542.html
https://www.suse.com/security/cve/CVE-2022-3545.html
https://www.suse.com/security/cve/CVE-2022-3565.html
https://www.suse.com/security/cve/CVE-2022-3577.html
https://www.suse.com/security/cve/CVE-2022-3586.html
https://www.suse.com/security/cve/CVE-2022-3594.html
https://www.suse.com/security/cve/CVE-2022-3619.html
https://www.suse.com/security/cve/CVE-2022-3621.html
https://www.suse.com/security/cve/CVE-2022-3625.html
https://www.suse.com/security/cve/CVE-2022-3628.html
https://www.suse.com/security/cve/CVE-2022-3629.html
https://www.suse.com/security/cve/CVE-2022-3633.html
https://www.suse.com/security/cve/CVE-2022-3640.html
https://www.suse.com/security/cve/CVE-2022-3646.html
https://www.suse.com/security/cve/CVE-2022-3649.html
https://www.suse.com/security/cve/CVE-2022-40476.html
https://www.suse.com/security/cve/CVE-2022-40768.html
https://www.suse.com/security/cve/CVE-2022-41674.html
https://www.suse.com/security/cve/CVE-2022-42703.html
https://www.suse.com/security/cve/CVE-2022-42719.html
https://www.suse.com/security/cve/CVE-2022-42720.html
https://www.suse.com/security/cve/CVE-2022-42721.html
https://www.suse.com/security/cve/CVE-2022-42722.html
https://www.suse.com/security/cve/CVE-2022-43750.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1188238
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196632
https://bugzilla.suse.com/1199904
https://bugzilla.suse.com/1200567
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200788
https://bugzilla.suse.com/1202187
https://bugzilla.suse.com/1202686
https://bugzilla.suse.com/1202700
https://bugzilla.suse.com/1202914
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203229
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203435
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203699
https://bugzilla.suse.com/1203701
https://bugzilla.suse.com/1203767
https://bugzilla.suse.com/1203770
https://bugzilla.suse.com/1203802
https://bugzilla.suse.com/1203922
https://bugzilla.suse.com/1203979
https://bugzilla.suse.com/1204017
https://bugzilla.suse.com/1204051
https://bugzilla.suse.com/1204059
https://bugzilla.suse.com/1204060
https://bugzilla.suse.com/1204125
https://bugzilla.suse.com/1204142
https://bugzilla.suse.com/1204166
https://bugzilla.suse.com/1204168
https://bugzilla.suse.com/1204171
https://bugzilla.suse.com/1204241
https://bugzilla.suse.com/1204353
https://bugzilla.suse.com/1204354
https://bugzilla.suse.com/1204355
https://bugzilla.suse.com/1204402
https://bugzilla.suse.com/1204413
https://bugzilla.suse.com/1204415
https://bugzilla.suse.com/1204417
https://bugzilla.suse.com/1204428
https://bugzilla.suse.com/1204431
https://bugzilla.suse.com/1204439
https://bugzilla.suse.com/1204470
https://bugzilla.suse.com/1204479
https://bugzilla.suse.com/1204498
https://bugzilla.suse.com/1204533
https://bugzilla.suse.com/1204569
https://bugzilla.suse.com/1204574
https://bugzilla.suse.com/1204575
https://bugzilla.suse.com/1204619
https://bugzilla.suse.com/1204635
https://bugzilla.suse.com/1204637
https://bugzilla.suse.com/1204646
https://bugzilla.suse.com/1204647
https://bugzilla.suse.com/1204650
https://bugzilla.suse.com/1204653
https://bugzilla.suse.com/1204693
https://bugzilla.suse.com/1204705
https://bugzilla.suse.com/1204719
https://bugzilla.suse.com/1204728
https://bugzilla.suse.com/1204753
https://bugzilla.suse.com/1204868
https://bugzilla.suse.com/1204926
https://bugzilla.suse.com/1204933
https://bugzilla.suse.com/1204934
https://bugzilla.suse.com/1204947
https://bugzilla.suse.com/1204957
https://bugzilla.suse.com/1204963
https://bugzilla.suse.com/1204970

From sle-updates at lists.suse.com Tue Nov 15 20:28:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:28:42 +0100 (CET)
Subject: SUSE-SU-2022:3996-1: Security update for 389-ds
Message-ID: <20221115202842.82ECFF3D4@maintenance.suse.de>

SUSE Security Update: Security update for 389-ds
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3996-1
Rating: low
References: #1194119 #1204493 #1204748 #1205146
Cross-References: CVE-2021-45710
CVSS scores:
  CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available.

Description:

This update for 389-ds fixes the following issues:

- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
- Update to version 2.0.16~git56.d15a0a7:
  - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).
  - Resolve issue with checklist post migration when dds is present (bsc#1204748).
  - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3996=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3996=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  389-ds-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-snmp-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1
  lib389-2.0.16~git56.d15a0a7-150400.3.15.1
  libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1
  libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  389-ds-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.15.1
  389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1
  lib389-2.0.16~git56.d15a0a7-150400.3.15.1
  libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1
  libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.15.1

References:

https://www.suse.com/security/cve/CVE-2021-45710.html
https://bugzilla.suse.com/1194119
https://bugzilla.suse.com/1204493
https://bugzilla.suse.com/1204748
https://bugzilla.suse.com/1205146

From sle-updates at lists.suse.com Tue Nov 15 20:29:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:29:35 +0100 (CET)
Subject: SUSE-SU-2022:4000-1: Security update for python-Twisted
Message-ID: <20221115202935.9A81DF3D4@maintenance.suse.de>

SUSE Security Update: Security update for python-Twisted
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4000-1
Rating: low
References: #1204781
Cross-References: CVE-2022-39348
CVSS scores:
  CVE-2022-39348 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  CVE-2022-39348 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Twisted fixes the following issues:

- CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4000=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4000=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      python-Twisted-doc-22.2.0-150400.5.7.1
      python3-Twisted-22.2.0-150400.5.7.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      python3-Twisted-22.2.0-150400.5.7.1

References:

   https://www.suse.com/security/cve/CVE-2022-39348.html
   https://bugzilla.suse.com/1204781

From sle-updates at lists.suse.com Tue Nov 15 20:30:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:30:17 +0100 (CET)
Subject: SUSE-SU-2022:4005-1: important: Security update for php8
Message-ID: <20221115203017.ABF82F3D4@maintenance.suse.de>

   SUSE Security Update: Security update for php8
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4005-1
Rating:             important
References:         #1204577 #1204979
Cross-References:   CVE-2022-31630 CVE-2022-37454
CVSS scores:
                    CVE-2022-31630 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Web Scripting 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for php8 fixes the following issues:

   - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter
     (bug#81738) (bsc#1204577).
   - CVE-2022-31630: Fixed OOB read due to insufficient input validation in
     imageloadfont() (bug#81739) (bsc#1204979).

   - version update to 8.0.25 (27 Oct 2022)
     * Session: Fixed bug GH-9583 (session_create_id() fails with user
       defined save handler that doesn't have a validateId() method).
     * Streams: Fixed bug GH-9590 (stream_select does not abort upon
       exception or empty valid fd set).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4005=1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-4005=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php8-8.0.25-150400.4.17.1
      apache2-mod_php8-debuginfo-8.0.25-150400.4.17.1
      apache2-mod_php8-debugsource-8.0.25-150400.4.17.1
      php8-8.0.25-150400.4.17.1
      php8-bcmath-8.0.25-150400.4.17.1
      php8-bcmath-debuginfo-8.0.25-150400.4.17.1
      php8-bz2-8.0.25-150400.4.17.1
      php8-bz2-debuginfo-8.0.25-150400.4.17.1
      php8-calendar-8.0.25-150400.4.17.1
      php8-calendar-debuginfo-8.0.25-150400.4.17.1
      php8-cli-8.0.25-150400.4.17.1
      php8-cli-debuginfo-8.0.25-150400.4.17.1
      php8-ctype-8.0.25-150400.4.17.1
      php8-ctype-debuginfo-8.0.25-150400.4.17.1
      php8-curl-8.0.25-150400.4.17.1
      php8-curl-debuginfo-8.0.25-150400.4.17.1
      php8-dba-8.0.25-150400.4.17.1
      php8-dba-debuginfo-8.0.25-150400.4.17.1
      php8-debuginfo-8.0.25-150400.4.17.1
      php8-debugsource-8.0.25-150400.4.17.1
      php8-devel-8.0.25-150400.4.17.1
      php8-dom-8.0.25-150400.4.17.1
      php8-dom-debuginfo-8.0.25-150400.4.17.1
      php8-embed-8.0.25-150400.4.17.1
      php8-embed-debuginfo-8.0.25-150400.4.17.1
      php8-embed-debugsource-8.0.25-150400.4.17.1
php8-enchant-8.0.25-150400.4.17.1 php8-enchant-debuginfo-8.0.25-150400.4.17.1 php8-exif-8.0.25-150400.4.17.1 php8-exif-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-8.0.25-150400.4.17.1 php8-fastcgi-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-debugsource-8.0.25-150400.4.17.1 php8-fileinfo-8.0.25-150400.4.17.1 php8-fileinfo-debuginfo-8.0.25-150400.4.17.1 php8-fpm-8.0.25-150400.4.17.1 php8-fpm-debuginfo-8.0.25-150400.4.17.1 php8-fpm-debugsource-8.0.25-150400.4.17.1 php8-ftp-8.0.25-150400.4.17.1 php8-ftp-debuginfo-8.0.25-150400.4.17.1 php8-gd-8.0.25-150400.4.17.1 php8-gd-debuginfo-8.0.25-150400.4.17.1 php8-gettext-8.0.25-150400.4.17.1 php8-gettext-debuginfo-8.0.25-150400.4.17.1 php8-gmp-8.0.25-150400.4.17.1 php8-gmp-debuginfo-8.0.25-150400.4.17.1 php8-iconv-8.0.25-150400.4.17.1 php8-iconv-debuginfo-8.0.25-150400.4.17.1 php8-intl-8.0.25-150400.4.17.1 php8-intl-debuginfo-8.0.25-150400.4.17.1 php8-ldap-8.0.25-150400.4.17.1 php8-ldap-debuginfo-8.0.25-150400.4.17.1 php8-mbstring-8.0.25-150400.4.17.1 php8-mbstring-debuginfo-8.0.25-150400.4.17.1 php8-mysql-8.0.25-150400.4.17.1 php8-mysql-debuginfo-8.0.25-150400.4.17.1 php8-odbc-8.0.25-150400.4.17.1 php8-odbc-debuginfo-8.0.25-150400.4.17.1 php8-opcache-8.0.25-150400.4.17.1 php8-opcache-debuginfo-8.0.25-150400.4.17.1 php8-openssl-8.0.25-150400.4.17.1 php8-openssl-debuginfo-8.0.25-150400.4.17.1 php8-pcntl-8.0.25-150400.4.17.1 php8-pcntl-debuginfo-8.0.25-150400.4.17.1 php8-pdo-8.0.25-150400.4.17.1 php8-pdo-debuginfo-8.0.25-150400.4.17.1 php8-pgsql-8.0.25-150400.4.17.1 php8-pgsql-debuginfo-8.0.25-150400.4.17.1 php8-phar-8.0.25-150400.4.17.1 php8-phar-debuginfo-8.0.25-150400.4.17.1 php8-posix-8.0.25-150400.4.17.1 php8-posix-debuginfo-8.0.25-150400.4.17.1 php8-readline-8.0.25-150400.4.17.1 php8-readline-debuginfo-8.0.25-150400.4.17.1 php8-shmop-8.0.25-150400.4.17.1 php8-shmop-debuginfo-8.0.25-150400.4.17.1 php8-snmp-8.0.25-150400.4.17.1 php8-snmp-debuginfo-8.0.25-150400.4.17.1 php8-soap-8.0.25-150400.4.17.1 
php8-soap-debuginfo-8.0.25-150400.4.17.1 php8-sockets-8.0.25-150400.4.17.1 php8-sockets-debuginfo-8.0.25-150400.4.17.1 php8-sodium-8.0.25-150400.4.17.1 php8-sodium-debuginfo-8.0.25-150400.4.17.1 php8-sqlite-8.0.25-150400.4.17.1 php8-sqlite-debuginfo-8.0.25-150400.4.17.1 php8-sysvmsg-8.0.25-150400.4.17.1 php8-sysvmsg-debuginfo-8.0.25-150400.4.17.1 php8-sysvsem-8.0.25-150400.4.17.1 php8-sysvsem-debuginfo-8.0.25-150400.4.17.1 php8-sysvshm-8.0.25-150400.4.17.1 php8-sysvshm-debuginfo-8.0.25-150400.4.17.1 php8-test-8.0.25-150400.4.17.1 php8-tidy-8.0.25-150400.4.17.1 php8-tidy-debuginfo-8.0.25-150400.4.17.1 php8-tokenizer-8.0.25-150400.4.17.1 php8-tokenizer-debuginfo-8.0.25-150400.4.17.1 php8-xmlreader-8.0.25-150400.4.17.1 php8-xmlreader-debuginfo-8.0.25-150400.4.17.1 php8-xmlwriter-8.0.25-150400.4.17.1 php8-xmlwriter-debuginfo-8.0.25-150400.4.17.1 php8-xsl-8.0.25-150400.4.17.1 php8-xsl-debuginfo-8.0.25-150400.4.17.1 php8-zip-8.0.25-150400.4.17.1 php8-zip-debuginfo-8.0.25-150400.4.17.1 php8-zlib-8.0.25-150400.4.17.1 php8-zlib-debuginfo-8.0.25-150400.4.17.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.25-150400.4.17.1 apache2-mod_php8-debuginfo-8.0.25-150400.4.17.1 apache2-mod_php8-debugsource-8.0.25-150400.4.17.1 php8-8.0.25-150400.4.17.1 php8-bcmath-8.0.25-150400.4.17.1 php8-bcmath-debuginfo-8.0.25-150400.4.17.1 php8-bz2-8.0.25-150400.4.17.1 php8-bz2-debuginfo-8.0.25-150400.4.17.1 php8-calendar-8.0.25-150400.4.17.1 php8-calendar-debuginfo-8.0.25-150400.4.17.1 php8-cli-8.0.25-150400.4.17.1 php8-cli-debuginfo-8.0.25-150400.4.17.1 php8-ctype-8.0.25-150400.4.17.1 php8-ctype-debuginfo-8.0.25-150400.4.17.1 php8-curl-8.0.25-150400.4.17.1 php8-curl-debuginfo-8.0.25-150400.4.17.1 php8-dba-8.0.25-150400.4.17.1 php8-dba-debuginfo-8.0.25-150400.4.17.1 php8-debuginfo-8.0.25-150400.4.17.1 php8-debugsource-8.0.25-150400.4.17.1 php8-devel-8.0.25-150400.4.17.1 php8-dom-8.0.25-150400.4.17.1 
php8-dom-debuginfo-8.0.25-150400.4.17.1 php8-embed-8.0.25-150400.4.17.1 php8-embed-debuginfo-8.0.25-150400.4.17.1 php8-embed-debugsource-8.0.25-150400.4.17.1 php8-enchant-8.0.25-150400.4.17.1 php8-enchant-debuginfo-8.0.25-150400.4.17.1 php8-exif-8.0.25-150400.4.17.1 php8-exif-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-8.0.25-150400.4.17.1 php8-fastcgi-debuginfo-8.0.25-150400.4.17.1 php8-fastcgi-debugsource-8.0.25-150400.4.17.1 php8-fileinfo-8.0.25-150400.4.17.1 php8-fileinfo-debuginfo-8.0.25-150400.4.17.1 php8-fpm-8.0.25-150400.4.17.1 php8-fpm-debuginfo-8.0.25-150400.4.17.1 php8-fpm-debugsource-8.0.25-150400.4.17.1 php8-ftp-8.0.25-150400.4.17.1 php8-ftp-debuginfo-8.0.25-150400.4.17.1 php8-gd-8.0.25-150400.4.17.1 php8-gd-debuginfo-8.0.25-150400.4.17.1 php8-gettext-8.0.25-150400.4.17.1 php8-gettext-debuginfo-8.0.25-150400.4.17.1 php8-gmp-8.0.25-150400.4.17.1 php8-gmp-debuginfo-8.0.25-150400.4.17.1 php8-iconv-8.0.25-150400.4.17.1 php8-iconv-debuginfo-8.0.25-150400.4.17.1 php8-intl-8.0.25-150400.4.17.1 php8-intl-debuginfo-8.0.25-150400.4.17.1 php8-ldap-8.0.25-150400.4.17.1 php8-ldap-debuginfo-8.0.25-150400.4.17.1 php8-mbstring-8.0.25-150400.4.17.1 php8-mbstring-debuginfo-8.0.25-150400.4.17.1 php8-mysql-8.0.25-150400.4.17.1 php8-mysql-debuginfo-8.0.25-150400.4.17.1 php8-odbc-8.0.25-150400.4.17.1 php8-odbc-debuginfo-8.0.25-150400.4.17.1 php8-opcache-8.0.25-150400.4.17.1 php8-opcache-debuginfo-8.0.25-150400.4.17.1 php8-openssl-8.0.25-150400.4.17.1 php8-openssl-debuginfo-8.0.25-150400.4.17.1 php8-pcntl-8.0.25-150400.4.17.1 php8-pcntl-debuginfo-8.0.25-150400.4.17.1 php8-pdo-8.0.25-150400.4.17.1 php8-pdo-debuginfo-8.0.25-150400.4.17.1 php8-pgsql-8.0.25-150400.4.17.1 php8-pgsql-debuginfo-8.0.25-150400.4.17.1 php8-phar-8.0.25-150400.4.17.1 php8-phar-debuginfo-8.0.25-150400.4.17.1 php8-posix-8.0.25-150400.4.17.1 php8-posix-debuginfo-8.0.25-150400.4.17.1 php8-readline-8.0.25-150400.4.17.1 php8-readline-debuginfo-8.0.25-150400.4.17.1 php8-shmop-8.0.25-150400.4.17.1 
php8-shmop-debuginfo-8.0.25-150400.4.17.1 php8-snmp-8.0.25-150400.4.17.1 php8-snmp-debuginfo-8.0.25-150400.4.17.1 php8-soap-8.0.25-150400.4.17.1 php8-soap-debuginfo-8.0.25-150400.4.17.1 php8-sockets-8.0.25-150400.4.17.1 php8-sockets-debuginfo-8.0.25-150400.4.17.1 php8-sodium-8.0.25-150400.4.17.1 php8-sodium-debuginfo-8.0.25-150400.4.17.1 php8-sqlite-8.0.25-150400.4.17.1 php8-sqlite-debuginfo-8.0.25-150400.4.17.1 php8-sysvmsg-8.0.25-150400.4.17.1 php8-sysvmsg-debuginfo-8.0.25-150400.4.17.1 php8-sysvsem-8.0.25-150400.4.17.1 php8-sysvsem-debuginfo-8.0.25-150400.4.17.1 php8-sysvshm-8.0.25-150400.4.17.1 php8-sysvshm-debuginfo-8.0.25-150400.4.17.1 php8-test-8.0.25-150400.4.17.1 php8-tidy-8.0.25-150400.4.17.1 php8-tidy-debuginfo-8.0.25-150400.4.17.1 php8-tokenizer-8.0.25-150400.4.17.1 php8-tokenizer-debuginfo-8.0.25-150400.4.17.1 php8-xmlreader-8.0.25-150400.4.17.1 php8-xmlreader-debuginfo-8.0.25-150400.4.17.1 php8-xmlwriter-8.0.25-150400.4.17.1 php8-xmlwriter-debuginfo-8.0.25-150400.4.17.1 php8-xsl-8.0.25-150400.4.17.1 php8-xsl-debuginfo-8.0.25-150400.4.17.1 php8-zip-8.0.25-150400.4.17.1 php8-zip-debuginfo-8.0.25-150400.4.17.1 php8-zlib-8.0.25-150400.4.17.1 php8-zlib-debuginfo-8.0.25-150400.4.17.1 References: https://www.suse.com/security/cve/CVE-2022-31630.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1204577 https://bugzilla.suse.com/1204979 From sle-updates at lists.suse.com Tue Nov 15 20:31:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 21:31:29 +0100 (CET) Subject: SUSE-SU-2022:3995-1: important: Security update for jackson-databind Message-ID: <20221115203129.03522F3D4@maintenance.suse.de> SUSE Security Update: Security update for jackson-databind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3995-1 Rating: important References: #1204369 #1204370 Cross-References: CVE-2022-42003 CVE-2022-42004 CVSS scores: 
                    CVE-2022-42003 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42003 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42004 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42004 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for jackson-databind fixes the following issues:

   Update to version 2.13.4.2:

   - CVE-2022-42003: Fixed missing check in primitive value deserializers
     to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS'
     (bsc#1204370).
   - CVE-2022-42004: Fixed missing check in
     'BeanDeserializer._deserializeFromArray()' to prevent use of deeply
     nested arrays (bsc#1204369).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3995=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3995=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3995=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3995=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3995=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3995=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3995=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3995=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3995=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3995=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3995=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3995=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3995=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3995=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3995=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1
      jackson-databind-javadoc-2.13.4.2-150200.3.12.1

   - openSUSE Leap 15.3 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1
      jackson-databind-javadoc-2.13.4.2-150200.3.12.1

   - SUSE Manager Server 4.1 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Manager Proxy 4.1 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1
      jackson-databind-javadoc-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

   - SUSE Enterprise Storage 7 (noarch):

      jackson-databind-2.13.4.2-150200.3.12.1

References:

   https://www.suse.com/security/cve/CVE-2022-42003.html
   https://www.suse.com/security/cve/CVE-2022-42004.html
   https://bugzilla.suse.com/1204369
   https://bugzilla.suse.com/1204370

From sle-updates at lists.suse.com Tue Nov 15 20:32:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:32:46 +0100 (CET)
Subject: SUSE-SU-2022:3997-1: important: Security update for php7
Message-ID: <20221115203246.F1477F3D4@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3997-1
Rating:             important
References:         #1203867 #1203870 #1204577 #1204979 SLE-23639
Cross-References:   CVE-2021-21707 CVE-2021-21708 CVE-2022-31625
                    CVE-2022-31626 CVE-2022-31628 CVE-2022-31629
                    CVE-2022-31630 CVE-2022-37454
CVSS scores:
                    CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-21708 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-31625 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2022-31630 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Legacy Software 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 8 vulnerabilities, contains one feature is now available.

Description:

   This update for php7 fixes the following issues:

   - Version update to 7.4.33:
     - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input
       validation in imageloadfont() (bsc#1204979).
     - CVE-2022-37454: Fixed buffer overflow in hash_update() on long
       parameter (bsc#1204577).

   - Version update to 7.4.32 (jsc#SLE-23639)
     - CVE-2022-31628: Fixed an uncontrolled recursion in the phar
       uncompressor while decompressing "quines" gzip files. (bsc#1203867)
     - CVE-2022-31629: Fixed a bug which could lead an attacker to set an
       insecure cookie that will be treated as secure in the victim's
       browser. (bsc#1203870)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3997=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3997=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3997=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.4.33-150400.4.13.1
      apache2-mod_php7-debuginfo-7.4.33-150400.4.13.1
      apache2-mod_php7-debugsource-7.4.33-150400.4.13.1
      php7-7.4.33-150400.4.13.1
      php7-bcmath-7.4.33-150400.4.13.1
      php7-bcmath-debuginfo-7.4.33-150400.4.13.1
      php7-bz2-7.4.33-150400.4.13.1
      php7-bz2-debuginfo-7.4.33-150400.4.13.1
      php7-calendar-7.4.33-150400.4.13.1
      php7-calendar-debuginfo-7.4.33-150400.4.13.1
      php7-cli-7.4.33-150400.4.13.1
      php7-cli-debuginfo-7.4.33-150400.4.13.1
      php7-ctype-7.4.33-150400.4.13.1
      php7-ctype-debuginfo-7.4.33-150400.4.13.1
      php7-curl-7.4.33-150400.4.13.1
      php7-curl-debuginfo-7.4.33-150400.4.13.1
php7-dba-7.4.33-150400.4.13.1 php7-dba-debuginfo-7.4.33-150400.4.13.1 php7-debuginfo-7.4.33-150400.4.13.1 php7-debugsource-7.4.33-150400.4.13.1 php7-devel-7.4.33-150400.4.13.1 php7-dom-7.4.33-150400.4.13.1 php7-dom-debuginfo-7.4.33-150400.4.13.1 php7-embed-7.4.33-150400.4.13.1 php7-embed-debuginfo-7.4.33-150400.4.13.1 php7-embed-debugsource-7.4.33-150400.4.13.1 php7-enchant-7.4.33-150400.4.13.1 php7-enchant-debuginfo-7.4.33-150400.4.13.1 php7-exif-7.4.33-150400.4.13.1 php7-exif-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-7.4.33-150400.4.13.1 php7-fastcgi-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-debugsource-7.4.33-150400.4.13.1 php7-fileinfo-7.4.33-150400.4.13.1 php7-fileinfo-debuginfo-7.4.33-150400.4.13.1 php7-fpm-7.4.33-150400.4.13.1 php7-fpm-debuginfo-7.4.33-150400.4.13.1 php7-fpm-debugsource-7.4.33-150400.4.13.1 php7-ftp-7.4.33-150400.4.13.1 php7-ftp-debuginfo-7.4.33-150400.4.13.1 php7-gd-7.4.33-150400.4.13.1 php7-gd-debuginfo-7.4.33-150400.4.13.1 php7-gettext-7.4.33-150400.4.13.1 php7-gettext-debuginfo-7.4.33-150400.4.13.1 php7-gmp-7.4.33-150400.4.13.1 php7-gmp-debuginfo-7.4.33-150400.4.13.1 php7-iconv-7.4.33-150400.4.13.1 php7-iconv-debuginfo-7.4.33-150400.4.13.1 php7-intl-7.4.33-150400.4.13.1 php7-intl-debuginfo-7.4.33-150400.4.13.1 php7-json-7.4.33-150400.4.13.1 php7-json-debuginfo-7.4.33-150400.4.13.1 php7-ldap-7.4.33-150400.4.13.1 php7-ldap-debuginfo-7.4.33-150400.4.13.1 php7-mbstring-7.4.33-150400.4.13.1 php7-mbstring-debuginfo-7.4.33-150400.4.13.1 php7-mysql-7.4.33-150400.4.13.1 php7-mysql-debuginfo-7.4.33-150400.4.13.1 php7-odbc-7.4.33-150400.4.13.1 php7-odbc-debuginfo-7.4.33-150400.4.13.1 php7-opcache-7.4.33-150400.4.13.1 php7-opcache-debuginfo-7.4.33-150400.4.13.1 php7-openssl-7.4.33-150400.4.13.1 php7-openssl-debuginfo-7.4.33-150400.4.13.1 php7-pcntl-7.4.33-150400.4.13.1 php7-pcntl-debuginfo-7.4.33-150400.4.13.1 php7-pdo-7.4.33-150400.4.13.1 php7-pdo-debuginfo-7.4.33-150400.4.13.1 php7-pgsql-7.4.33-150400.4.13.1 
php7-pgsql-debuginfo-7.4.33-150400.4.13.1 php7-phar-7.4.33-150400.4.13.1 php7-phar-debuginfo-7.4.33-150400.4.13.1 php7-posix-7.4.33-150400.4.13.1 php7-posix-debuginfo-7.4.33-150400.4.13.1 php7-readline-7.4.33-150400.4.13.1 php7-readline-debuginfo-7.4.33-150400.4.13.1 php7-shmop-7.4.33-150400.4.13.1 php7-shmop-debuginfo-7.4.33-150400.4.13.1 php7-snmp-7.4.33-150400.4.13.1 php7-snmp-debuginfo-7.4.33-150400.4.13.1 php7-soap-7.4.33-150400.4.13.1 php7-soap-debuginfo-7.4.33-150400.4.13.1 php7-sockets-7.4.33-150400.4.13.1 php7-sockets-debuginfo-7.4.33-150400.4.13.1 php7-sodium-7.4.33-150400.4.13.1 php7-sodium-debuginfo-7.4.33-150400.4.13.1 php7-sqlite-7.4.33-150400.4.13.1 php7-sqlite-debuginfo-7.4.33-150400.4.13.1 php7-sysvmsg-7.4.33-150400.4.13.1 php7-sysvmsg-debuginfo-7.4.33-150400.4.13.1 php7-sysvsem-7.4.33-150400.4.13.1 php7-sysvsem-debuginfo-7.4.33-150400.4.13.1 php7-sysvshm-7.4.33-150400.4.13.1 php7-sysvshm-debuginfo-7.4.33-150400.4.13.1 php7-test-7.4.33-150400.4.13.2 php7-tidy-7.4.33-150400.4.13.1 php7-tidy-debuginfo-7.4.33-150400.4.13.1 php7-tokenizer-7.4.33-150400.4.13.1 php7-tokenizer-debuginfo-7.4.33-150400.4.13.1 php7-xmlreader-7.4.33-150400.4.13.1 php7-xmlreader-debuginfo-7.4.33-150400.4.13.1 php7-xmlrpc-7.4.33-150400.4.13.1 php7-xmlrpc-debuginfo-7.4.33-150400.4.13.1 php7-xmlwriter-7.4.33-150400.4.13.1 php7-xmlwriter-debuginfo-7.4.33-150400.4.13.1 php7-xsl-7.4.33-150400.4.13.1 php7-xsl-debuginfo-7.4.33-150400.4.13.1 php7-zip-7.4.33-150400.4.13.1 php7-zip-debuginfo-7.4.33-150400.4.13.1 php7-zlib-7.4.33-150400.4.13.1 php7-zlib-debuginfo-7.4.33-150400.4.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): php7-embed-7.4.33-150400.4.13.1 php7-embed-debuginfo-7.4.33-150400.4.13.1 php7-embed-debugsource-7.4.33-150400.4.13.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150400.4.13.1 apache2-mod_php7-debuginfo-7.4.33-150400.4.13.1 
apache2-mod_php7-debugsource-7.4.33-150400.4.13.1 php7-7.4.33-150400.4.13.1 php7-bcmath-7.4.33-150400.4.13.1 php7-bcmath-debuginfo-7.4.33-150400.4.13.1 php7-bz2-7.4.33-150400.4.13.1 php7-bz2-debuginfo-7.4.33-150400.4.13.1 php7-calendar-7.4.33-150400.4.13.1 php7-calendar-debuginfo-7.4.33-150400.4.13.1 php7-cli-7.4.33-150400.4.13.1 php7-cli-debuginfo-7.4.33-150400.4.13.1 php7-ctype-7.4.33-150400.4.13.1 php7-ctype-debuginfo-7.4.33-150400.4.13.1 php7-curl-7.4.33-150400.4.13.1 php7-curl-debuginfo-7.4.33-150400.4.13.1 php7-dba-7.4.33-150400.4.13.1 php7-dba-debuginfo-7.4.33-150400.4.13.1 php7-debuginfo-7.4.33-150400.4.13.1 php7-debugsource-7.4.33-150400.4.13.1 php7-devel-7.4.33-150400.4.13.1 php7-dom-7.4.33-150400.4.13.1 php7-dom-debuginfo-7.4.33-150400.4.13.1 php7-enchant-7.4.33-150400.4.13.1 php7-enchant-debuginfo-7.4.33-150400.4.13.1 php7-exif-7.4.33-150400.4.13.1 php7-exif-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-7.4.33-150400.4.13.1 php7-fastcgi-debuginfo-7.4.33-150400.4.13.1 php7-fastcgi-debugsource-7.4.33-150400.4.13.1 php7-fileinfo-7.4.33-150400.4.13.1 php7-fileinfo-debuginfo-7.4.33-150400.4.13.1 php7-fpm-7.4.33-150400.4.13.1 php7-fpm-debuginfo-7.4.33-150400.4.13.1 php7-fpm-debugsource-7.4.33-150400.4.13.1 php7-ftp-7.4.33-150400.4.13.1 php7-ftp-debuginfo-7.4.33-150400.4.13.1 php7-gd-7.4.33-150400.4.13.1 php7-gd-debuginfo-7.4.33-150400.4.13.1 php7-gettext-7.4.33-150400.4.13.1 php7-gettext-debuginfo-7.4.33-150400.4.13.1 php7-gmp-7.4.33-150400.4.13.1 php7-gmp-debuginfo-7.4.33-150400.4.13.1 php7-iconv-7.4.33-150400.4.13.1 php7-iconv-debuginfo-7.4.33-150400.4.13.1 php7-intl-7.4.33-150400.4.13.1 php7-intl-debuginfo-7.4.33-150400.4.13.1 php7-json-7.4.33-150400.4.13.1 php7-json-debuginfo-7.4.33-150400.4.13.1 php7-ldap-7.4.33-150400.4.13.1 php7-ldap-debuginfo-7.4.33-150400.4.13.1 php7-mbstring-7.4.33-150400.4.13.1 php7-mbstring-debuginfo-7.4.33-150400.4.13.1 php7-mysql-7.4.33-150400.4.13.1 php7-mysql-debuginfo-7.4.33-150400.4.13.1 php7-odbc-7.4.33-150400.4.13.1 
php7-odbc-debuginfo-7.4.33-150400.4.13.1 php7-opcache-7.4.33-150400.4.13.1 php7-opcache-debuginfo-7.4.33-150400.4.13.1 php7-openssl-7.4.33-150400.4.13.1 php7-openssl-debuginfo-7.4.33-150400.4.13.1 php7-pcntl-7.4.33-150400.4.13.1 php7-pcntl-debuginfo-7.4.33-150400.4.13.1 php7-pdo-7.4.33-150400.4.13.1 php7-pdo-debuginfo-7.4.33-150400.4.13.1 php7-pgsql-7.4.33-150400.4.13.1 php7-pgsql-debuginfo-7.4.33-150400.4.13.1 php7-phar-7.4.33-150400.4.13.1 php7-phar-debuginfo-7.4.33-150400.4.13.1 php7-posix-7.4.33-150400.4.13.1 php7-posix-debuginfo-7.4.33-150400.4.13.1 php7-readline-7.4.33-150400.4.13.1 php7-readline-debuginfo-7.4.33-150400.4.13.1 php7-shmop-7.4.33-150400.4.13.1 php7-shmop-debuginfo-7.4.33-150400.4.13.1 php7-snmp-7.4.33-150400.4.13.1 php7-snmp-debuginfo-7.4.33-150400.4.13.1 php7-soap-7.4.33-150400.4.13.1 php7-soap-debuginfo-7.4.33-150400.4.13.1 php7-sockets-7.4.33-150400.4.13.1 php7-sockets-debuginfo-7.4.33-150400.4.13.1 php7-sodium-7.4.33-150400.4.13.1 php7-sodium-debuginfo-7.4.33-150400.4.13.1 php7-sqlite-7.4.33-150400.4.13.1 php7-sqlite-debuginfo-7.4.33-150400.4.13.1 php7-sysvmsg-7.4.33-150400.4.13.1 php7-sysvmsg-debuginfo-7.4.33-150400.4.13.1 php7-sysvsem-7.4.33-150400.4.13.1 php7-sysvsem-debuginfo-7.4.33-150400.4.13.1 php7-sysvshm-7.4.33-150400.4.13.1 php7-sysvshm-debuginfo-7.4.33-150400.4.13.1 php7-tidy-7.4.33-150400.4.13.1 php7-tidy-debuginfo-7.4.33-150400.4.13.1 php7-tokenizer-7.4.33-150400.4.13.1 php7-tokenizer-debuginfo-7.4.33-150400.4.13.1 php7-xmlreader-7.4.33-150400.4.13.1 php7-xmlreader-debuginfo-7.4.33-150400.4.13.1 php7-xmlrpc-7.4.33-150400.4.13.1 php7-xmlrpc-debuginfo-7.4.33-150400.4.13.1 php7-xmlwriter-7.4.33-150400.4.13.1 php7-xmlwriter-debuginfo-7.4.33-150400.4.13.1 php7-xsl-7.4.33-150400.4.13.1 php7-xsl-debuginfo-7.4.33-150400.4.13.1 php7-zip-7.4.33-150400.4.13.1 php7-zip-debuginfo-7.4.33-150400.4.13.1 php7-zlib-7.4.33-150400.4.13.1 php7-zlib-debuginfo-7.4.33-150400.4.13.1 References: https://www.suse.com/security/cve/CVE-2021-21707.html 
   https://www.suse.com/security/cve/CVE-2021-21708.html
   https://www.suse.com/security/cve/CVE-2022-31625.html
   https://www.suse.com/security/cve/CVE-2022-31626.html
   https://www.suse.com/security/cve/CVE-2022-31628.html
   https://www.suse.com/security/cve/CVE-2022-31629.html
   https://www.suse.com/security/cve/CVE-2022-31630.html
   https://www.suse.com/security/cve/CVE-2022-37454.html
   https://bugzilla.suse.com/1203867
   https://bugzilla.suse.com/1203870
   https://bugzilla.suse.com/1204577
   https://bugzilla.suse.com/1204979

From sle-updates at lists.suse.com Tue Nov 15 20:33:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:33:52 +0100 (CET)
Subject: SUSE-SU-2022:4001-1: important: Security update for sudo
Message-ID: <20221115203352.4CE42F3D4@maintenance.suse.de>

   SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4001-1
Rating:             important
References:         #1204986
Cross-References:   CVE-2022-43995
CVSS scores:
                    CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sudo fixes the following issues:

   - CVE-2022-43995: Fixed a potential heap-based buffer over-read when
     entering a password of seven characters or fewer and using the crypt()
     password backend (bsc#1204986).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4001=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4001=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4001=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      sudo-1.9.9-150400.4.6.1
      sudo-debuginfo-1.9.9-150400.4.6.1
      sudo-debugsource-1.9.9-150400.4.6.1
      sudo-devel-1.9.9-150400.4.6.1
      sudo-plugin-python-1.9.9-150400.4.6.1
      sudo-plugin-python-debuginfo-1.9.9-150400.4.6.1
      sudo-test-1.9.9-150400.4.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      sudo-1.9.9-150400.4.6.1
      sudo-debuginfo-1.9.9-150400.4.6.1
      sudo-debugsource-1.9.9-150400.4.6.1
      sudo-devel-1.9.9-150400.4.6.1
      sudo-plugin-python-1.9.9-150400.4.6.1
      sudo-plugin-python-debuginfo-1.9.9-150400.4.6.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      sudo-1.9.9-150400.4.6.1
      sudo-debuginfo-1.9.9-150400.4.6.1
      sudo-debugsource-1.9.9-150400.4.6.1

References:

   https://www.suse.com/security/cve/CVE-2022-43995.html
   https://bugzilla.suse.com/1204986

From sle-updates at lists.suse.com Tue Nov 15 20:34:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Nov 2022 21:34:35 +0100 (CET)
Subject: SUSE-SU-2022:4004-1: important: Security update for python310
Message-ID: <20221115203435.3D3CAF3D4@maintenance.suse.de>

   SUSE Security Update: Security update for python310
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4004-1
Rating:             important
References:         #1204886 #1205244
Cross-References:   CVE-2022-42919 CVE-2022-45061
CVSS scores:
                    CVE-2022-42919 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42919 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Python3 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). 
- os.sched_yield() now releases the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in object.__getattribute__(). - bpo-42316: Document some places where an assignment expression needs parentheses. - Wrap network errors consistently in urllib FTP support, so the test suite doesn't fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton.
Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments "name" and "variable" are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don't call the previous signal handler if it's NULL. - In inspect, fix overeager replacement of "typing." in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it's not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being "safe" for use on untrusted input while at the same time warning that it can crash the process.
The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4004=1 - SUSE Linux Enterprise Module for Python3 15-SP4: zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2022-4004=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_10-1_0-3.10.8-150400.4.15.1 libpython3_10-1_0-debuginfo-3.10.8-150400.4.15.1 python310-3.10.8-150400.4.15.1 python310-base-3.10.8-150400.4.15.1 python310-base-debuginfo-3.10.8-150400.4.15.1 python310-core-debugsource-3.10.8-150400.4.15.1 python310-curses-3.10.8-150400.4.15.1 python310-curses-debuginfo-3.10.8-150400.4.15.1 python310-dbm-3.10.8-150400.4.15.1 python310-dbm-debuginfo-3.10.8-150400.4.15.1 python310-debuginfo-3.10.8-150400.4.15.1 python310-debugsource-3.10.8-150400.4.15.1 python310-devel-3.10.8-150400.4.15.1 python310-doc-3.10.8-150400.4.15.1 python310-doc-devhelp-3.10.8-150400.4.15.1 python310-idle-3.10.8-150400.4.15.1 python310-testsuite-3.10.8-150400.4.15.1 python310-testsuite-debuginfo-3.10.8-150400.4.15.1 python310-tk-3.10.8-150400.4.15.1 python310-tk-debuginfo-3.10.8-150400.4.15.1 python310-tools-3.10.8-150400.4.15.1 - openSUSE Leap 15.4 (x86_64): libpython3_10-1_0-32bit-3.10.8-150400.4.15.1 libpython3_10-1_0-32bit-debuginfo-3.10.8-150400.4.15.1 python310-32bit-3.10.8-150400.4.15.1 python310-32bit-debuginfo-3.10.8-150400.4.15.1 python310-base-32bit-3.10.8-150400.4.15.1 python310-base-32bit-debuginfo-3.10.8-150400.4.15.1 - SUSE Linux Enterprise Module for Python3 15-SP4 (aarch64 ppc64le s390x x86_64): 
libpython3_10-1_0-3.10.8-150400.4.15.1 libpython3_10-1_0-debuginfo-3.10.8-150400.4.15.1 python310-3.10.8-150400.4.15.1 python310-base-3.10.8-150400.4.15.1 python310-base-debuginfo-3.10.8-150400.4.15.1 python310-core-debugsource-3.10.8-150400.4.15.1 python310-curses-3.10.8-150400.4.15.1 python310-curses-debuginfo-3.10.8-150400.4.15.1 python310-dbm-3.10.8-150400.4.15.1 python310-dbm-debuginfo-3.10.8-150400.4.15.1 python310-debuginfo-3.10.8-150400.4.15.1 python310-debugsource-3.10.8-150400.4.15.1 python310-devel-3.10.8-150400.4.15.1 python310-idle-3.10.8-150400.4.15.1 python310-tk-3.10.8-150400.4.15.1 python310-tk-debuginfo-3.10.8-150400.4.15.1 python310-tools-3.10.8-150400.4.15.1 References: https://www.suse.com/security/cve/CVE-2022-42919.html https://www.suse.com/security/cve/CVE-2022-45061.html https://bugzilla.suse.com/1204886 https://bugzilla.suse.com/1205244 From sle-updates at lists.suse.com Tue Nov 15 20:35:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 21:35:22 +0100 (CET) Subject: SUSE-RU-2022:4002-1: moderate: Recommended update for gegl, gimp, gnome-photos, libgexiv2 Message-ID: <20221115203522.A4C6FF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for gegl, gimp, gnome-photos, libgexiv2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4002-1 Rating: moderate References: PED-1393 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for gegl, gimp, gnome-photos, libgexiv2 has the following changes: - The packages were rebuilt against exiv2 0.27, to allow obsoleting the old 0.26 version. - No other changes were done. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4002=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4002=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4002=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4002=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gegl-0.4.34-150400.3.2.1 gegl-0_4-0.4.34-150400.3.2.1 gegl-0_4-debuginfo-0.4.34-150400.3.2.1 gegl-debuginfo-0.4.34-150400.3.2.1 gegl-debugsource-0.4.34-150400.3.2.1 gegl-devel-0.4.34-150400.3.2.1 gegl-doc-0.4.34-150400.3.2.1 gimp-2.10.30-150400.3.8.2 gimp-debuginfo-2.10.30-150400.3.8.2 gimp-debugsource-2.10.30-150400.3.8.2 gimp-devel-2.10.30-150400.3.8.2 gimp-devel-debuginfo-2.10.30-150400.3.8.2 gimp-plugin-aa-2.10.30-150400.3.8.2 gimp-plugin-aa-debuginfo-2.10.30-150400.3.8.2 gnome-photos-40.0-150400.4.2.1 gnome-photos-debuginfo-40.0-150400.4.2.1 gnome-photos-debugsource-40.0-150400.4.2.1 gnome-shell-search-provider-gnome-photos-40.0-150400.4.2.1 libgegl-0_4-0-0.4.34-150400.3.2.1 libgegl-0_4-0-debuginfo-0.4.34-150400.3.2.1 libgexiv2-2-0.14.0-150400.4.2.1 libgexiv2-2-debuginfo-0.14.0-150400.4.2.1 libgexiv2-debugsource-0.14.0-150400.4.2.1 
libgexiv2-devel-0.14.0-150400.4.2.1 libgimp-2_0-0-2.10.30-150400.3.8.2 libgimp-2_0-0-debuginfo-2.10.30-150400.3.8.2 libgimpui-2_0-0-2.10.30-150400.3.8.2 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.8.2 python3-gexiv2-0.14.0-150400.4.2.1 typelib-1_0-GExiv2-0_10-0.14.0-150400.4.2.1 typelib-1_0-Gegl-0_4-0.4.34-150400.3.2.1 - openSUSE Leap 15.4 (x86_64): libgegl-0_4-0-32bit-0.4.34-150400.3.2.1 libgegl-0_4-0-32bit-debuginfo-0.4.34-150400.3.2.1 libgexiv2-2-32bit-0.14.0-150400.4.2.1 libgexiv2-2-32bit-debuginfo-0.14.0-150400.4.2.1 libgimp-2_0-0-32bit-2.10.30-150400.3.8.2 libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.8.2 libgimpui-2_0-0-32bit-2.10.30-150400.3.8.2 libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.8.2 - openSUSE Leap 15.4 (noarch): gegl-0_4-lang-0.4.34-150400.3.2.1 gimp-lang-2.10.30-150400.3.8.2 gnome-photos-lang-40.0-150400.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): gegl-0_4-lang-0.4.34-150400.3.2.1 gimp-lang-2.10.30-150400.3.8.2 gnome-photos-lang-40.0-150400.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): gegl-0_4-0.4.34-150400.3.2.1 gegl-0_4-debuginfo-0.4.34-150400.3.2.1 gegl-debuginfo-0.4.34-150400.3.2.1 gegl-debugsource-0.4.34-150400.3.2.1 gegl-devel-0.4.34-150400.3.2.1 gimp-2.10.30-150400.3.8.2 gimp-debuginfo-2.10.30-150400.3.8.2 gimp-debugsource-2.10.30-150400.3.8.2 gimp-devel-2.10.30-150400.3.8.2 gimp-devel-debuginfo-2.10.30-150400.3.8.2 gnome-photos-40.0-150400.4.2.1 gnome-photos-debuginfo-40.0-150400.4.2.1 gnome-photos-debugsource-40.0-150400.4.2.1 gnome-shell-search-provider-gnome-photos-40.0-150400.4.2.1 libgegl-0_4-0-0.4.34-150400.3.2.1 libgegl-0_4-0-debuginfo-0.4.34-150400.3.2.1 libgexiv2-debugsource-0.14.0-150400.4.2.1 libgexiv2-devel-0.14.0-150400.4.2.1 libgimp-2_0-0-2.10.30-150400.3.8.2 libgimp-2_0-0-debuginfo-2.10.30-150400.3.8.2 libgimpui-2_0-0-2.10.30-150400.3.8.2 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.8.2 typelib-1_0-GExiv2-0_10-0.14.0-150400.4.2.1 typelib-1_0-Gegl-0_4-0.4.34-150400.3.2.1 - 
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): gegl-0.4.34-150400.3.2.1 gegl-0_4-0.4.34-150400.3.2.1 gegl-0_4-debuginfo-0.4.34-150400.3.2.1 gegl-debuginfo-0.4.34-150400.3.2.1 gegl-debugsource-0.4.34-150400.3.2.1 gegl-devel-0.4.34-150400.3.2.1 gegl-doc-0.4.34-150400.3.2.1 gimp-debuginfo-2.10.30-150400.3.8.2 gimp-debugsource-2.10.30-150400.3.8.2 gnome-photos-40.0-150400.4.2.1 gnome-photos-debuginfo-40.0-150400.4.2.1 gnome-photos-debugsource-40.0-150400.4.2.1 gnome-shell-search-provider-gnome-photos-40.0-150400.4.2.1 libgegl-0_4-0-0.4.34-150400.3.2.1 libgegl-0_4-0-debuginfo-0.4.34-150400.3.2.1 libgimp-2_0-0-2.10.30-150400.3.8.2 libgimp-2_0-0-debuginfo-2.10.30-150400.3.8.2 libgimpui-2_0-0-2.10.30-150400.3.8.2 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.8.2 typelib-1_0-Gegl-0_4-0.4.34-150400.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64): gimp-2.10.30-150400.3.8.2 gimp-devel-2.10.30-150400.3.8.2 gimp-devel-debuginfo-2.10.30-150400.3.8.2 gimp-plugin-aa-2.10.30-150400.3.8.2 gimp-plugin-aa-debuginfo-2.10.30-150400.3.8.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): gegl-0_4-lang-0.4.34-150400.3.2.1 gimp-lang-2.10.30-150400.3.8.2 gnome-photos-lang-40.0-150400.4.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libgexiv2-2-0.14.0-150400.4.2.1 libgexiv2-2-debuginfo-0.14.0-150400.4.2.1 libgexiv2-debugsource-0.14.0-150400.4.2.1 References: From sle-updates at lists.suse.com Tue Nov 15 20:36:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Nov 2022 21:36:01 +0100 (CET) Subject: SUSE-SU-2022:4003-1: important: Security update for nodejs16 Message-ID: <20221115203601.643F5F3D4@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4003-1 Rating: important References: 
#1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs16 fixes the following issues: - Update to LTS version 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4003=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-4003=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack16-16.18.1-150400.3.12.1 nodejs16-16.18.1-150400.3.12.1 nodejs16-debuginfo-16.18.1-150400.3.12.1 nodejs16-debugsource-16.18.1-150400.3.12.1 nodejs16-devel-16.18.1-150400.3.12.1 npm16-16.18.1-150400.3.12.1 - openSUSE Leap 15.4 (noarch): nodejs16-docs-16.18.1-150400.3.12.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs16-16.18.1-150400.3.12.1 nodejs16-debuginfo-16.18.1-150400.3.12.1 nodejs16-debugsource-16.18.1-150400.3.12.1 nodejs16-devel-16.18.1-150400.3.12.1 npm16-16.18.1-150400.3.12.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs16-docs-16.18.1-150400.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Wed Nov 16 08:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 09:24:13 +0100 (CET) Subject: SUSE-CU-2022:2995-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20221116082413.518CBF3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2995-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.32 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.32 Severity : moderate Type : recommended References : 1201959 1204211 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - util-linux-systemd-2.37.2-150400.8.8.1 updated From sle-updates at lists.suse.com Wed Nov 16 08:46:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 09:46:45 +0100 (CET) Subject: SUSE-CU-2022:2996-1: Recommended update of suse/sle15 Message-ID: <20221116084645.C4ECDF3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2996-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.704 Container Release : 6.2.704 Severity : important Type : recommended References : 1201959 1203652 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libblkid1-2.33.2-150100.4.27.1 updated - libfdisk1-2.33.2-150100.4.27.1 updated - libmount1-2.33.2-150100.4.27.1 updated - libsmartcols1-2.33.2-150100.4.27.1 updated - libuuid1-2.33.2-150100.4.27.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.33.2-150100.4.27.1 updated From sle-updates at lists.suse.com Wed Nov 16 09:03:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:03:22 +0100 (CET) Subject: SUSE-CU-2022:2997-1: Recommended update of suse/sle15 Message-ID: <20221116090322.DBAA6F3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2997-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.226 Container Release : 9.5.226 Severity : important Type : recommended References : 1201959 1203652 ----------------------------------------------------------------- 
The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3975-1 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959 This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libblkid1-2.33.2-150100.4.27.1 updated - libfdisk1-2.33.2-150100.4.27.1 updated - libmount1-2.33.2-150100.4.27.1 updated - libsmartcols1-2.33.2-150100.4.27.1 updated - libuuid1-2.33.2-150100.4.27.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.33.2-150100.4.27.1 updated From sle-updates at lists.suse.com Wed Nov 16 09:10:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:10:46 +0100 (CET) Subject: SUSE-CU-2022:2998-1: Recommended update of bci/bci-init Message-ID: <20221116091046.9A72CF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2998-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.45 Container Release : 21.45 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. 
Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libblkid1-2.36.2-150300.4.28.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.36.2-150300.4.28.1 updated - container:sles15-image-15.0.0-17.20.68 updated From sle-updates at lists.suse.com Wed Nov 16 09:13:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:13:41 +0100 (CET) Subject: SUSE-CU-2022:2999-1: Recommended update of bci/bci-minimal Message-ID: <20221116091341.A8C12F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2999-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.32.42 Container Release : 32.42 Severity : important Type : recommended References : 1203652 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) The following package changes have been done: - libz1-1.2.11-150000.3.36.1 updated - container:micro-image-15.3.0-22.18 updated From sle-updates at lists.suse.com Wed Nov 16 09:20:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:20:19 +0100 (CET) Subject: SUSE-CU-2022:3000-1: Recommended update of bci/nodejs Message-ID: <20221116092019.0ED7FF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3000-1 Container Tags : bci/node:12 , bci/node:12-17.57 , bci/nodejs:12 , bci/nodejs:12-17.57 Container Release : 17.57 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libblkid1-2.36.2-150300.4.28.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.36.2-150300.4.28.1 updated - container:sles15-image-15.0.0-17.20.68 updated From sle-updates at lists.suse.com Wed Nov 16 09:26:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:26:44 +0100 (CET) Subject: SUSE-CU-2022:3001-1: Recommended update of bci/python Message-ID: <20221116092644.2C1E8F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3001-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.30 Container Release : 20.30 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libblkid1-2.36.2-150300.4.28.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.36.2-150300.4.28.1 updated - container:sles15-image-15.0.0-17.20.68 updated From sle-updates at lists.suse.com Wed Nov 16 09:36:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:36:39 +0100 (CET) Subject: SUSE-CU-2022:3002-1: Recommended update of suse/sle15 Message-ID: <20221116093639.16AB0F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3002-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.68 , suse/sle15:15.3 , suse/sle15:15.3.17.20.68 Container Release : 17.20.68 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libblkid1-2.36.2-150300.4.28.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.36.2-150300.4.28.1 updated From sle-updates at lists.suse.com Wed Nov 16 09:38:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:38:12 +0100 (CET) Subject: SUSE-CU-2022:2994-1: Recommended update of bci/python Message-ID: <20221116093812.B0770F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2994-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.24 , bci/python:latest Container Release : 7.24 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:39:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:39:54 +0100 (CET) Subject: SUSE-CU-2022:3003-1: Recommended update of bci/python Message-ID: <20221116093954.653BCF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3003-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.24 Container Release : 30.24 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:42:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:42:55 +0100 (CET) Subject: SUSE-CU-2022:3004-1: Recommended update of bci/ruby Message-ID: <20221116094255.BF62DF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3004-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.21 , bci/ruby:latest Container Release : 31.21 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:44:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:44:44 +0100 (CET) Subject: SUSE-CU-2022:3005-1: Recommended update of bci/rust Message-ID: <20221116094444.7B61BF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3005-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.88 Container Release : 9.88 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:45:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:45:22 +0100 (CET) Subject: SUSE-CU-2022:3006-1: Recommended update of bci/rust Message-ID: <20221116094522.36819F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3006-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.4 Container Release : 4.4 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:45:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:45:30 +0100 (CET) Subject: SUSE-CU-2022:3007-1: Recommended update of bci/rust Message-ID: <20221116094530.2B780F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3007-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-2.4 , bci/rust:latest Container Release : 2.4 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - container:sles15-image-15.0.0-27.14.12 updated From sle-updates at lists.suse.com Wed Nov 16 09:47:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:47:03 +0100 (CET) Subject: SUSE-CU-2022:3008-1: Recommended update of suse/sle15 Message-ID: <20221116094703.A655EF3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3008-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.13 , suse/sle15:15.4 , suse/sle15:15.4.27.14.13 Container Release : 27.14.13 Severity : important Type : recommended References : 1201959 1203652 1204211 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libmount1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libuuid1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - util-linux-2.37.2-150400.8.8.1 updated From sle-updates at lists.suse.com Wed Nov 16 09:48:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:48:42 +0100 (CET) Subject: SUSE-CU-2022:3009-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20221116094842.024BBF3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3009-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.314 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.314 Severity : moderate Type : recommended References : 1201959 1204211 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. 
Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. The following package changes have been done: - util-linux-systemd-2.36.2-150300.4.28.1 updated From sle-updates at lists.suse.com Wed Nov 16 09:56:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 10:56:18 +0100 (CET) Subject: SUSE-CU-2022:3011-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20221116095618.A52F6F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3011-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.135 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.135 Severity : moderate Type : recommended References : 1201959 1204211 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
The following package changes have been done: - util-linux-systemd-2.36.2-150300.4.28.1 updated From sle-updates at lists.suse.com Wed Nov 16 11:22:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 12:22:07 +0100 (CET) Subject: SUSE-SU-2022:4007-1: important: Security update for xen Message-ID: <20221116112207.935F0F3D4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4007-1 Rating: important References: #1027519 #1193923 #1203806 #1203807 #1204482 #1204483 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVSS scores: CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33747 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 
6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42327 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-42327 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE 
Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4007=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4007=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4007=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4007=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): xen-4.16.2_08-150400.4.16.1 xen-debugsource-4.16.2_08-150400.4.16.1 xen-devel-4.16.2_08-150400.4.16.1 xen-doc-html-4.16.2_08-150400.4.16.1 xen-libs-4.16.2_08-150400.4.16.1 xen-libs-debuginfo-4.16.2_08-150400.4.16.1 xen-tools-4.16.2_08-150400.4.16.1 xen-tools-debuginfo-4.16.2_08-150400.4.16.1 xen-tools-domU-4.16.2_08-150400.4.16.1 xen-tools-domU-debuginfo-4.16.2_08-150400.4.16.1 - openSUSE Leap 15.4 (noarch): xen-tools-xendomains-wait-disk-4.16.2_08-150400.4.16.1 - openSUSE Leap 15.4 (x86_64): xen-libs-32bit-4.16.2_08-150400.4.16.1 xen-libs-32bit-debuginfo-4.16.2_08-150400.4.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64): xen-4.16.2_08-150400.4.16.1 xen-debugsource-4.16.2_08-150400.4.16.1 xen-devel-4.16.2_08-150400.4.16.1 xen-tools-4.16.2_08-150400.4.16.1 xen-tools-debuginfo-4.16.2_08-150400.4.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): xen-tools-xendomains-wait-disk-4.16.2_08-150400.4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): xen-debugsource-4.16.2_08-150400.4.16.1 xen-libs-4.16.2_08-150400.4.16.1 xen-libs-debuginfo-4.16.2_08-150400.4.16.1 xen-tools-domU-4.16.2_08-150400.4.16.1 xen-tools-domU-debuginfo-4.16.2_08-150400.4.16.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): xen-debugsource-4.16.2_08-150400.4.16.1 xen-libs-4.16.2_08-150400.4.16.1 xen-libs-debuginfo-4.16.2_08-150400.4.16.1 References: https://www.suse.com/security/cve/CVE-2022-33746.html 
https://www.suse.com/security/cve/CVE-2022-33747.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://www.suse.com/security/cve/CVE-2022-42327.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204483 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496 From sle-updates at lists.suse.com Wed Nov 16 11:23:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 12:23:57 +0100 (CET) Subject: SUSE-RU-2022:4006-1: important: Recommended update for kernel-firmware Message-ID: <20221116112357.49A35F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:4006-1 Rating: important References: #1203699 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: - Update firmware for CS35L41 codecs (bsc#1203699) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4006=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4006=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4006=1 Package List: - openSUSE Leap 15.4 (noarch): kernel-firmware-20220509-150400.4.13.1 kernel-firmware-all-20220509-150400.4.13.1 kernel-firmware-amdgpu-20220509-150400.4.13.1 kernel-firmware-ath10k-20220509-150400.4.13.1 kernel-firmware-ath11k-20220509-150400.4.13.1 kernel-firmware-atheros-20220509-150400.4.13.1 kernel-firmware-bluetooth-20220509-150400.4.13.1 kernel-firmware-bnx2-20220509-150400.4.13.1 kernel-firmware-brcm-20220509-150400.4.13.1 kernel-firmware-chelsio-20220509-150400.4.13.1 kernel-firmware-dpaa2-20220509-150400.4.13.1 kernel-firmware-i915-20220509-150400.4.13.1 kernel-firmware-intel-20220509-150400.4.13.1 kernel-firmware-iwlwifi-20220509-150400.4.13.1 
kernel-firmware-liquidio-20220509-150400.4.13.1 kernel-firmware-marvell-20220509-150400.4.13.1 kernel-firmware-media-20220509-150400.4.13.1 kernel-firmware-mediatek-20220509-150400.4.13.1 kernel-firmware-mellanox-20220509-150400.4.13.1 kernel-firmware-mwifiex-20220509-150400.4.13.1 kernel-firmware-network-20220509-150400.4.13.1 kernel-firmware-nfp-20220509-150400.4.13.1 kernel-firmware-nvidia-20220509-150400.4.13.1 kernel-firmware-platform-20220509-150400.4.13.1 kernel-firmware-prestera-20220509-150400.4.13.1 kernel-firmware-qcom-20220509-150400.4.13.1 kernel-firmware-qlogic-20220509-150400.4.13.1 kernel-firmware-radeon-20220509-150400.4.13.1 kernel-firmware-realtek-20220509-150400.4.13.1 kernel-firmware-serial-20220509-150400.4.13.1 kernel-firmware-sound-20220509-150400.4.13.1 kernel-firmware-ti-20220509-150400.4.13.1 kernel-firmware-ueagle-20220509-150400.4.13.1 kernel-firmware-usb-network-20220509-150400.4.13.1 ucode-amd-20220509-150400.4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-firmware-all-20220509-150400.4.13.1 kernel-firmware-amdgpu-20220509-150400.4.13.1 kernel-firmware-ath10k-20220509-150400.4.13.1 kernel-firmware-ath11k-20220509-150400.4.13.1 kernel-firmware-atheros-20220509-150400.4.13.1 kernel-firmware-bluetooth-20220509-150400.4.13.1 kernel-firmware-bnx2-20220509-150400.4.13.1 kernel-firmware-brcm-20220509-150400.4.13.1 kernel-firmware-chelsio-20220509-150400.4.13.1 kernel-firmware-dpaa2-20220509-150400.4.13.1 kernel-firmware-i915-20220509-150400.4.13.1 kernel-firmware-intel-20220509-150400.4.13.1 kernel-firmware-iwlwifi-20220509-150400.4.13.1 kernel-firmware-liquidio-20220509-150400.4.13.1 kernel-firmware-marvell-20220509-150400.4.13.1 kernel-firmware-media-20220509-150400.4.13.1 kernel-firmware-mediatek-20220509-150400.4.13.1 kernel-firmware-mellanox-20220509-150400.4.13.1 kernel-firmware-mwifiex-20220509-150400.4.13.1 kernel-firmware-network-20220509-150400.4.13.1 kernel-firmware-nfp-20220509-150400.4.13.1 
kernel-firmware-nvidia-20220509-150400.4.13.1 kernel-firmware-platform-20220509-150400.4.13.1 kernel-firmware-prestera-20220509-150400.4.13.1 kernel-firmware-qcom-20220509-150400.4.13.1 kernel-firmware-qlogic-20220509-150400.4.13.1 kernel-firmware-radeon-20220509-150400.4.13.1 kernel-firmware-realtek-20220509-150400.4.13.1 kernel-firmware-serial-20220509-150400.4.13.1 kernel-firmware-sound-20220509-150400.4.13.1 kernel-firmware-ti-20220509-150400.4.13.1 kernel-firmware-ueagle-20220509-150400.4.13.1 kernel-firmware-usb-network-20220509-150400.4.13.1 ucode-amd-20220509-150400.4.13.1 - SUSE Linux Enterprise Micro 5.3 (noarch): kernel-firmware-all-20220509-150400.4.13.1 kernel-firmware-amdgpu-20220509-150400.4.13.1 kernel-firmware-ath10k-20220509-150400.4.13.1 kernel-firmware-ath11k-20220509-150400.4.13.1 kernel-firmware-atheros-20220509-150400.4.13.1 kernel-firmware-bluetooth-20220509-150400.4.13.1 kernel-firmware-bnx2-20220509-150400.4.13.1 kernel-firmware-brcm-20220509-150400.4.13.1 kernel-firmware-chelsio-20220509-150400.4.13.1 kernel-firmware-dpaa2-20220509-150400.4.13.1 kernel-firmware-i915-20220509-150400.4.13.1 kernel-firmware-intel-20220509-150400.4.13.1 kernel-firmware-iwlwifi-20220509-150400.4.13.1 kernel-firmware-liquidio-20220509-150400.4.13.1 kernel-firmware-marvell-20220509-150400.4.13.1 kernel-firmware-media-20220509-150400.4.13.1 kernel-firmware-mediatek-20220509-150400.4.13.1 kernel-firmware-mellanox-20220509-150400.4.13.1 kernel-firmware-mwifiex-20220509-150400.4.13.1 kernel-firmware-network-20220509-150400.4.13.1 kernel-firmware-nfp-20220509-150400.4.13.1 kernel-firmware-nvidia-20220509-150400.4.13.1 kernel-firmware-platform-20220509-150400.4.13.1 kernel-firmware-prestera-20220509-150400.4.13.1 kernel-firmware-qcom-20220509-150400.4.13.1 kernel-firmware-qlogic-20220509-150400.4.13.1 kernel-firmware-radeon-20220509-150400.4.13.1 kernel-firmware-realtek-20220509-150400.4.13.1 kernel-firmware-serial-20220509-150400.4.13.1 
kernel-firmware-sound-20220509-150400.4.13.1 kernel-firmware-ti-20220509-150400.4.13.1 kernel-firmware-ueagle-20220509-150400.4.13.1 kernel-firmware-usb-network-20220509-150400.4.13.1 ucode-amd-20220509-150400.4.13.1 References: https://bugzilla.suse.com/1203699 From sle-updates at lists.suse.com Wed Nov 16 14:22:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 15:22:48 +0100 (CET) Subject: SUSE-SU-2022:4010-1: moderate: Security update for apache2-mod_wsgi Message-ID: <20221116142248.E1ACEF3D4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4010-1 Rating: moderate References: #1201634 Cross-References: CVE-2022-2255 CVSS scores: CVE-2022-2255 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2255 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4010=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4010=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.7.1-150400.3.3.1 apache2-mod_wsgi-debuginfo-4.7.1-150400.3.3.1 apache2-mod_wsgi-debugsource-4.7.1-150400.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.7.1-150400.3.3.1 apache2-mod_wsgi-debuginfo-4.7.1-150400.3.3.1 apache2-mod_wsgi-debugsource-4.7.1-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2255.html https://bugzilla.suse.com/1201634 From sle-updates at lists.suse.com Wed Nov 16 14:23:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 15:23:42 +0100 (CET) Subject: SUSE-RU-2022:4008-1: moderate: Recommended update for python3-ec2imgutils Message-ID: <20221116142342.A76F6F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4008-1 Rating: moderate References: #1199722 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager 
Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3-ec2imgutils fixes the following issues: - Update to version 10.0.1 + Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as tpm versions on the command line - Update to version 10.0.0 (bsc#1199722) + Add --tpm-support as command line option and tpm_support to the API to register images that support NitroTPM + API change for ec2deprecateimg. It is now possible to deprecate an image without providing a successor image. - Add rpm-macros to build requirements in spec. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4008=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4008=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4008=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4008=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4008=1 Package List: - openSUSE Leap 15.4 (noarch): python3-ec2imgutils-10.0.1-150200.6.7.1 - openSUSE Leap 15.3 (noarch): python3-ec2imgutils-10.0.1-150200.6.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python3-ec2imgutils-10.0.1-150200.6.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-ec2imgutils-10.0.1-150200.6.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2imgutils-10.0.1-150200.6.7.1 References: https://bugzilla.suse.com/1199722 From sle-updates at lists.suse.com Wed Nov 16 14:24:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 15:24:43 +0100 (CET) Subject: SUSE-SU-2022:4011-1: moderate: Security update for jsoup Message-ID: <20221116142443.9D905F3D4@maintenance.suse.de> SUSE Security Update: Security update for jsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4011-1 Rating: moderate References: #1203459 Cross-References: CVE-2022-36033 CVSS scores: CVE-2022-36033 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-36033 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance 
Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4011=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4011=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4011=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4011=1 Package List: - openSUSE Leap 15.4 (noarch): jsoup-1.15.3-150200.3.6.1 jsoup-javadoc-1.15.3-150200.3.6.1 - openSUSE Leap 15.3 (noarch): jsoup-1.15.3-150200.3.6.1 jsoup-javadoc-1.15.3-150200.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): jsoup-1.15.3-150200.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jsoup-1.15.3-150200.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-36033.html https://bugzilla.suse.com/1203459 From sle-updates at lists.suse.com Wed Nov 16 14:25:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 15:25:35 +0100 (CET) Subject: SUSE-SU-2022:4009-1: moderate: Security update for tomcat Message-ID: <20221116142535.94DD4F3D4@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4009-1 Rating: moderate References: #1203868 Cross-References: CVE-2021-43980 CVSS scores: CVE-2021-43980 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-43980 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. 
(bsc#1203868) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4009=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.90.1 tomcat-admin-webapps-9.0.36-3.90.1 tomcat-docs-webapp-9.0.36-3.90.1 tomcat-el-3_0-api-9.0.36-3.90.1 tomcat-javadoc-9.0.36-3.90.1 tomcat-jsp-2_3-api-9.0.36-3.90.1 tomcat-lib-9.0.36-3.90.1 tomcat-servlet-4_0-api-9.0.36-3.90.1 tomcat-webapps-9.0.36-3.90.1 References: https://www.suse.com/security/cve/CVE-2021-43980.html https://bugzilla.suse.com/1203868 From sle-updates at lists.suse.com Wed Nov 16 17:21:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 18:21:15 +0100 (CET) Subject: SUSE-SU-2022:4013-1: moderate: Security update for apache2-mod_wsgi Message-ID: <20221116172115.10786F3D4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4013-1 Rating: moderate References: #1201634 Cross-References: CVE-2022-2255 CVSS scores: CVE-2022-2255 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2255 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP 
Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-4013=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-4013=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4013=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-4013=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-4013=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-mod_wsgi-4.4.13-3.3.1 apache2-mod_wsgi-debuginfo-4.4.13-3.3.1 apache2-mod_wsgi-debugsource-4.4.13-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-mod_wsgi-4.4.13-3.3.1 apache2-mod_wsgi-debuginfo-4.4.13-3.3.1 apache2-mod_wsgi-debugsource-4.4.13-3.3.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.4.13-3.3.1 apache2-mod_wsgi-debuginfo-4.4.13-3.3.1 apache2-mod_wsgi-debugsource-4.4.13-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.4.13-3.3.1 apache2-mod_wsgi-debuginfo-4.4.13-3.3.1 apache2-mod_wsgi-debugsource-4.4.13-3.3.1 - HPE Helion Openstack 8 (x86_64): apache2-mod_wsgi-4.4.13-3.3.1 apache2-mod_wsgi-debuginfo-4.4.13-3.3.1 apache2-mod_wsgi-debugsource-4.4.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2255.html 
https://bugzilla.suse.com/1201634 From sle-updates at lists.suse.com Wed Nov 16 17:21:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 18:21:56 +0100 (CET) Subject: SUSE-SU-2022:4014-1: important: Security update for samba Message-ID: <20221116172156.94EC9F3D4@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4014-1 Rating: important References: #1202976 Cross-References: CVE-2022-1615 CVSS scores: CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4014=1 Package List: - SUSE Enterprise Storage 7 (aarch64 x86_64): ctdb-4.13.13+git.554.0742ec9cb74-150200.3.18.2 ctdb-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libdcerpc-binding0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libdcerpc-binding0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libdcerpc0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libdcerpc0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-krb5pac0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-krb5pac0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-nbt0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-nbt0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-standard0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr-standard0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr1-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libndr1-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libnetapi0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libnetapi0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-credentials0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-credentials0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-errors0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-errors0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-hostconfig0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-hostconfig0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-passdb0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-passdb0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-util0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamba-util0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamdb0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsamdb0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsmbclient0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 
libsmbclient0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsmbconf0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsmbconf0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsmbldap2-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libsmbldap2-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libtevent-util0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libtevent-util0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libwbclient0-4.13.13+git.554.0742ec9cb74-150200.3.18.2 libwbclient0-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-ceph-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-ceph-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-client-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-client-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-debugsource-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-libs-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-libs-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-libs-python3-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-libs-python3-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-winbind-4.13.13+git.554.0742ec9cb74-150200.3.18.2 samba-winbind-debuginfo-4.13.13+git.554.0742ec9cb74-150200.3.18.2 References: https://www.suse.com/security/cve/CVE-2022-1615.html https://bugzilla.suse.com/1202976 From sle-updates at lists.suse.com Wed Nov 16 17:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 18:22:46 +0100 (CET) Subject: SUSE-SU-2022:4015-1: important: Security update for rubygem-nokogiri Message-ID: <20221116172246.C0B82F3D4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-nokogiri ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4015-1 Rating: important References: #1198408 #1199782 Cross-References: CVE-2022-24836 CVE-2022-29181 
CVSS scores: CVE-2022-24836 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24836 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29181 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-29181 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types.
(bsc#1199782) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4015=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4015=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4015=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-4015=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-doc-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-testsuite-1.8.5-150000.3.9.1 rubygem-nokogiri-debugsource-1.8.5-150000.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150000.3.9.1 rubygem-nokogiri-debugsource-1.8.5-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150000.3.9.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150000.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-24836.html https://www.suse.com/security/cve/CVE-2022-29181.html https://bugzilla.suse.com/1198408 https://bugzilla.suse.com/1199782 
From sle-updates at lists.suse.com Wed Nov 16 17:23:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 18:23:46 +0100 (CET) Subject: SUSE-SU-2022:4016-1: important: Security update for rubygem-nokogiri Message-ID: <20221116172346.87AB3F3D4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-nokogiri ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4016-1 Rating: important References: #1198408 #1199782 Cross-References: CVE-2022-24836 CVE-2022-29181 CVSS scores: CVE-2022-24836 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24836 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29181 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-29181 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. (bsc#1199782) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4016=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4016=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150400.14.3.1 ruby2.5-rubygem-nokogiri-doc-1.8.5-150400.14.3.1 ruby2.5-rubygem-nokogiri-testsuite-1.8.5-150400.14.3.1 rubygem-nokogiri-debugsource-1.8.5-150400.14.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150400.14.3.1 rubygem-nokogiri-debugsource-1.8.5-150400.14.3.1 References: https://www.suse.com/security/cve/CVE-2022-24836.html https://www.suse.com/security/cve/CVE-2022-29181.html https://bugzilla.suse.com/1198408 https://bugzilla.suse.com/1199782 From sle-updates at lists.suse.com Wed Nov 16 20:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Nov 2022 21:20:21 +0100 (CET) Subject: SUSE-RU-2022:4020-1: moderate: Recommended update for nfs-utils Message-ID: <20221116202021.7811DF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4020-1 Rating: moderate References: #1199856 #1202627 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux 
Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl settings work (bsc#1199856) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4020=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4020=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4020=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4020=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4020=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4020=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4020=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4020=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-doc-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-doc-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-doc-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-doc-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): nfs-client-2.1.1-150100.10.27.1 nfs-client-debuginfo-2.1.1-150100.10.27.1 nfs-kernel-server-2.1.1-150100.10.27.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debuginfo-2.1.1-150100.10.27.1 nfs-utils-debugsource-2.1.1-150100.10.27.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): 
      nfs-client-2.1.1-150100.10.27.1
      nfs-client-debuginfo-2.1.1-150100.10.27.1
      nfs-kernel-server-2.1.1-150100.10.27.1
      nfs-kernel-server-debuginfo-2.1.1-150100.10.27.1
      nfs-utils-debuginfo-2.1.1-150100.10.27.1
      nfs-utils-debugsource-2.1.1-150100.10.27.1

References:

    https://bugzilla.suse.com/1199856
    https://bugzilla.suse.com/1202627

From sle-updates at lists.suse.com Wed Nov 16 20:21:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Nov 2022 21:21:30 +0100 (CET)
Subject: SUSE-RU-2022:4019-1: Recommended update for apparmor
Message-ID: <20221116202130.BD359F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apparmor
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4019-1
Rating: low
References: #1202344
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Module for Server Applications 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for apparmor fixes the following issues:

- profiles: permit php-fpm pid files directly under run/ (bsc#1202344)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4019=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4019=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4019=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4019=1
- SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4019=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      apache2-mod_apparmor-3.0.4-150400.5.3.1
      apache2-mod_apparmor-debuginfo-3.0.4-150400.5.3.1
      apparmor-debugsource-3.0.4-150400.5.3.1
      apparmor-parser-3.0.4-150400.5.3.1
      apparmor-parser-debuginfo-3.0.4-150400.5.3.1
      libapparmor-debugsource-3.0.4-150400.5.3.1
      libapparmor-devel-3.0.4-150400.5.3.1
      libapparmor1-3.0.4-150400.5.3.1
      libapparmor1-debuginfo-3.0.4-150400.5.3.1
      pam_apparmor-3.0.4-150400.5.3.1
      pam_apparmor-debuginfo-3.0.4-150400.5.3.1
      perl-apparmor-3.0.4-150400.5.3.1
      perl-apparmor-debuginfo-3.0.4-150400.5.3.1
      python3-apparmor-3.0.4-150400.5.3.1
      python3-apparmor-debuginfo-3.0.4-150400.5.3.1
      ruby-apparmor-3.0.4-150400.5.3.1
      ruby-apparmor-debuginfo-3.0.4-150400.5.3.1
- openSUSE Leap 15.4 (noarch):
      apparmor-abstractions-3.0.4-150400.5.3.1
      apparmor-docs-3.0.4-150400.5.3.1
      apparmor-parser-lang-3.0.4-150400.5.3.1
      apparmor-profiles-3.0.4-150400.5.3.1
      apparmor-utils-3.0.4-150400.5.3.1
      apparmor-utils-lang-3.0.4-150400.5.3.1
- openSUSE Leap 15.4 (x86_64):
      libapparmor1-32bit-3.0.4-150400.5.3.1
      libapparmor1-32bit-debuginfo-3.0.4-150400.5.3.1
      pam_apparmor-32bit-3.0.4-150400.5.3.1
      pam_apparmor-32bit-debuginfo-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
      apache2-mod_apparmor-3.0.4-150400.5.3.1
      apache2-mod_apparmor-debuginfo-3.0.4-150400.5.3.1
      apparmor-debugsource-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
      apparmor-debugsource-3.0.4-150400.5.3.1
      perl-apparmor-3.0.4-150400.5.3.1
      perl-apparmor-debuginfo-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      apparmor-debugsource-3.0.4-150400.5.3.1
      apparmor-parser-3.0.4-150400.5.3.1
      apparmor-parser-debuginfo-3.0.4-150400.5.3.1
      libapparmor-debugsource-3.0.4-150400.5.3.1
      libapparmor-devel-3.0.4-150400.5.3.1
      libapparmor1-3.0.4-150400.5.3.1
      libapparmor1-debuginfo-3.0.4-150400.5.3.1
      pam_apparmor-3.0.4-150400.5.3.1
      pam_apparmor-debuginfo-3.0.4-150400.5.3.1
      python3-apparmor-3.0.4-150400.5.3.1
      python3-apparmor-debuginfo-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
      libapparmor1-32bit-3.0.4-150400.5.3.1
      libapparmor1-32bit-debuginfo-3.0.4-150400.5.3.1
      pam_apparmor-32bit-3.0.4-150400.5.3.1
      pam_apparmor-32bit-debuginfo-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
      apparmor-abstractions-3.0.4-150400.5.3.1
      apparmor-docs-3.0.4-150400.5.3.1
      apparmor-parser-lang-3.0.4-150400.5.3.1
      apparmor-profiles-3.0.4-150400.5.3.1
      apparmor-utils-3.0.4-150400.5.3.1
      apparmor-utils-lang-3.0.4-150400.5.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      apparmor-debugsource-3.0.4-150400.5.3.1
      apparmor-parser-3.0.4-150400.5.3.1
      apparmor-parser-debuginfo-3.0.4-150400.5.3.1
      libapparmor-debugsource-3.0.4-150400.5.3.1
      libapparmor1-3.0.4-150400.5.3.1
      libapparmor1-debuginfo-3.0.4-150400.5.3.1
      pam_apparmor-3.0.4-150400.5.3.1
      pam_apparmor-debuginfo-3.0.4-150400.5.3.1

References:

    https://bugzilla.suse.com/1202344

From sle-updates at lists.suse.com Wed Nov 16 20:22:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Nov 2022 21:22:42 +0100 (CET)
Subject: SUSE-RU-2022:4021-1: Recommended update for mdadm
Message-ID: <20221116202242.CCDDEF3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4021-1
Rating: low
References: #1193566 SLE-24761
Affected Products:
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.

Description:

This update for mdadm fixes the following issues:

- Add EXTRAVERSION as make argument on build (jsc#SLE-24761, bsc#1193566)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4021=1
- openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4021=1
- openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-4021=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4021=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4021=1
- SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4021=1
- SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4021=1
- SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4021=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      mdadm-4.1-150300.24.21.1
      mdadm-debuginfo-4.1-150300.24.21.1
      mdadm-debugsource-4.1-150300.24.21.1

References:

    https://bugzilla.suse.com/1193566

From sle-updates at lists.suse.com Wed Nov 16 20:23:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Nov 2022 21:23:50 +0100 (CET)
Subject: SUSE-SU-2022:4022-1: moderate: Security update for ant
Message-ID: <20221116202350.563B1F3E2@maintenance.suse.de>

SUSE Security Update: Security update for ant
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4022-1
Rating: moderate
References: #1171696 #1177180
Cross-References: CVE-2020-11979 CVE-2020-1945
CVSS scores:
    CVE-2020-11979 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    CVE-2020-11979 (SUSE): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
    CVE-2020-1945 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
    CVE-2020-1945 (SUSE): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ant fixes the following issues:

- CVE-2020-1945: Fixed insecure temporary file vulnerability (bsc#1171696).
- CVE-2020-11979: Fixed issue introduced with fix for CVE-2020-1945 (bsc#1177180).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4022=1
- SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4022=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
      ant-1.9.4-3.12.1
      ant-antlr-1.9.4-3.12.3
      ant-apache-bcel-1.9.4-3.12.3
      ant-apache-bsf-1.9.4-3.12.3
      ant-apache-log4j-1.9.4-3.12.3
      ant-apache-oro-1.9.4-3.12.3
      ant-apache-regexp-1.9.4-3.12.3
      ant-apache-resolver-1.9.4-3.12.3
      ant-commons-logging-1.9.4-3.12.3
      ant-javadoc-1.9.4-3.12.3
      ant-javamail-1.9.4-3.12.3
      ant-jdepend-1.9.4-3.12.3
      ant-jmf-1.9.4-3.12.1
      ant-junit-1.9.4-3.12.3
      ant-manual-1.9.4-3.12.3
      ant-scripts-1.9.4-3.12.1
      ant-swing-1.9.4-3.12.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
      ant-1.9.4-3.12.1

References:

    https://www.suse.com/security/cve/CVE-2020-11979.html
    https://www.suse.com/security/cve/CVE-2020-1945.html
    https://bugzilla.suse.com/1171696
    https://bugzilla.suse.com/1177180

From sle-updates at lists.suse.com Wed Nov 16 20:24:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Nov 2022 21:24:48 +0100 (CET)
Subject: SUSE-RU-2022:4018-1: Recommended update for python-service_identity
Message-ID: <20221116202448.3F78BF3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-service_identity
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4018-1
Rating: low
References: #1203743
Affected Products:
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Module for Server Applications 15-SP4
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for python-service_identity fixes the following issues:

- Loose the filelist for the package info to avoid build failure (bsc#1203743)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4018=1
- openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-4018=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4018=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4018=1

Package List:

- openSUSE Leap 15.4 (noarch):
      python3-service_identity-18.1.0-150200.3.5.1
- openSUSE Leap 15.3 (noarch):
      python2-service_identity-18.1.0-150200.3.5.1
      python3-service_identity-18.1.0-150200.3.5.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
      python3-service_identity-18.1.0-150200.3.5.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
      python3-service_identity-18.1.0-150200.3.5.1

References:

    https://bugzilla.suse.com/1203743

From sle-updates at lists.suse.com Thu Nov 17 02:19:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:19:56 +0100 (CET)
Subject: SUSE-SU-2022:4036-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Message-ID: <20221117021956.BDE92F3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4036-1
Rating: important
References: #1196959
Cross-References: CVE-2021-39698
CVSS scores:
    CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes one issue.

The following security issue was fixed:

- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4036=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
      kernel-livepatch-5_14_21-150400_24_28-default-2-150400.2.1
      kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-2-150400.2.1
      kernel-livepatch-SLE15-SP4_Update_4-debugsource-2-150400.2.1

References:

    https://www.suse.com/security/cve/CVE-2021-39698.html
    https://bugzilla.suse.com/1196959

From sle-updates at lists.suse.com Thu Nov 17 02:20:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:20:37 +0100 (CET)
Subject: SUSE-SU-2022:4027-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15)
Message-ID: <20221117022037.A2219F3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4027-1
Rating: important
References: #1201742 #1201752 #1202087 #1203613 #1204170
Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703
CVSS scores:
    CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150000_150_95 fixes several issues.

The following security issues were fixed:

- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4027=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
      kernel-livepatch-4_12_14-150000_150_95-default-4-150000.2.1
      kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-4-150000.2.1

References:

    https://www.suse.com/security/cve/CVE-2020-36557.html
    https://www.suse.com/security/cve/CVE-2020-36558.html
    https://www.suse.com/security/cve/CVE-2021-33655.html
    https://www.suse.com/security/cve/CVE-2022-2588.html
    https://www.suse.com/security/cve/CVE-2022-42703.html
    https://bugzilla.suse.com/1201742
    https://bugzilla.suse.com/1201752
    https://bugzilla.suse.com/1202087
    https://bugzilla.suse.com/1203613
    https://bugzilla.suse.com/1204170

From sle-updates at lists.suse.com Thu Nov 17 02:21:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:21:53 +0100 (CET)
Subject: SUSE-SU-2022:4030-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
Message-ID: <20221117022153.0F4BDF3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4030-1
Rating: important
References: #1203613 #1204170
Cross-References: CVE-2022-2588 CVE-2022-42703
CVSS scores:
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise Live Patching 12-SP4
    SUSE Linux Enterprise Live Patching 12-SP5
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Module for Live Patching 15-SP1
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150100_197_120 fixes several issues.

The following security issues were fixed:

- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4031=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4030=1
- SUSE Linux Enterprise Module for Live Patching 15:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4028=1
- SUSE Linux Enterprise Live Patching 12-SP5:
      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4026=1
- SUSE Linux Enterprise Live Patching 12-SP4:
      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4023=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
      kernel-livepatch-5_3_18-150200_24_126-default-5-150200.2.1
      kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-5-150200.2.1
      kernel-livepatch-SLE15-SP2_Update_29-debugsource-5-150200.2.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
      kernel-livepatch-4_12_14-150100_197_120-default-4-150100.2.1
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
      kernel-livepatch-4_12_14-150000_150_98-default-4-150000.2.1
      kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-4-150000.2.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
      kgraft-patch-4_12_14-122_130-default-4-2.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
      kgraft-patch-4_12_14-95_105-default-4-2.1

References:

    https://www.suse.com/security/cve/CVE-2022-2588.html
    https://www.suse.com/security/cve/CVE-2022-42703.html
    https://bugzilla.suse.com/1203613
    https://bugzilla.suse.com/1204170

From sle-updates at lists.suse.com Thu Nov 17 02:22:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:22:50 +0100 (CET)
Subject: SUSE-SU-2022:4039-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Message-ID: <20221117022250.9356AF3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4039-1
Rating: important
References: #1200058 #1203613 #1204170 #1204289
Cross-References: CVE-2022-1882 CVE-2022-2588 CVE-2022-42703 CVE-2022-42722
CVSS scores:
    CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.

The following security issues were fixed:

- CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4039=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
      kernel-livepatch-5_14_21-150400_24_18-default-5-150400.2.1
      kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-5-150400.2.1
      kernel-livepatch-SLE15-SP4_Update_2-debugsource-5-150400.2.1

References:

    https://www.suse.com/security/cve/CVE-2022-1882.html
    https://www.suse.com/security/cve/CVE-2022-2588.html
    https://www.suse.com/security/cve/CVE-2022-42703.html
    https://www.suse.com/security/cve/CVE-2022-42722.html
    https://bugzilla.suse.com/1200058
    https://bugzilla.suse.com/1203613
    https://bugzilla.suse.com/1204170
    https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Thu Nov 17 02:23:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:23:46 +0100 (CET)
Subject: SUSE-SU-2022:4034-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
Message-ID: <20221117022346.AACB4F3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4034-1
Rating: important
References: #1203613 #1204170 #1204289
Cross-References: CVE-2022-2588 CVE-2022-42703 CVE-2022-42722
CVSS scores:
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues.

The following security issues were fixed:

- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4034=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
      kernel-livepatch-5_3_18-150300_59_90-default-5-150300.2.1

References:

    https://www.suse.com/security/cve/CVE-2022-2588.html
    https://www.suse.com/security/cve/CVE-2022-42703.html
    https://www.suse.com/security/cve/CVE-2022-42722.html
    https://bugzilla.suse.com/1203613
    https://bugzilla.suse.com/1204170
    https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Thu Nov 17 02:24:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:24:38 +0100 (CET)
Subject: SUSE-SU-2022:4033-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3)
Message-ID: <20221117022438.C158DF3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4033-1
Rating: important
References: #1202087 #1203613 #1204170 #1204289
Cross-References: CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 CVE-2022-42722
CVSS scores:
    CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues.

The following security issues were fixed:

- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4033=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
      kernel-livepatch-5_3_18-150300_59_87-default-6-150300.2.1

References:

    https://www.suse.com/security/cve/CVE-2021-33655.html
    https://www.suse.com/security/cve/CVE-2022-2588.html
    https://www.suse.com/security/cve/CVE-2022-42703.html
    https://www.suse.com/security/cve/CVE-2022-42722.html
    https://bugzilla.suse.com/1202087
    https://bugzilla.suse.com/1203613
    https://bugzilla.suse.com/1204170
    https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Thu Nov 17 02:25:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:25:41 +0100 (CET)
Subject: SUSE-SU-2022:4035-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Message-ID: <20221117022541.64CC4F3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4035-1
Rating: important
References: #1200058 #1202087 #1203613 #1204170 #1204289
Cross-References: CVE-2021-33655 CVE-2022-1882 CVE-2022-2588 CVE-2022-42703 CVE-2022-42722
CVSS scores:
    CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4035=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):

      kernel-livepatch-5_14_21-150400_24_11-default-5-150400.2.1
      kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-5-150400.2.1
      kernel-livepatch-SLE15-SP4_Update_1-debugsource-5-150400.2.1

References:

   https://www.suse.com/security/cve/CVE-2021-33655.html
   https://www.suse.com/security/cve/CVE-2022-1882.html
   https://www.suse.com/security/cve/CVE-2022-2588.html
   https://www.suse.com/security/cve/CVE-2022-42703.html
   https://www.suse.com/security/cve/CVE-2022-42722.html
   https://bugzilla.suse.com/1200058
   https://bugzilla.suse.com/1202087
   https://bugzilla.suse.com/1203613
   https://bugzilla.suse.com/1204170
   https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Thu Nov 17 02:26:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:26:47 +0100 (CET)
Subject: SUSE-SU-2022:4038-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2)
Message-ID: <20221117022647.47824F3D4@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4038-1
Rating:             important
References:         #1196959 #1203067
Cross-References:   CVE-2021-39698 CVE-2022-39189
CVSS scores:
                    CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-150200_24_134 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
   - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4038=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4032=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-150300_59_98-default-2-150300.2.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-150200_24_134-default-2-150200.2.1
      kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-2-150200.2.1
      kernel-livepatch-SLE15-SP2_Update_31-debugsource-2-150200.2.1

References:

   https://www.suse.com/security/cve/CVE-2021-39698.html
   https://www.suse.com/security/cve/CVE-2022-39189.html
   https://bugzilla.suse.com/1196959
   https://bugzilla.suse.com/1203067

From sle-updates at lists.suse.com Thu Nov 17 02:27:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:27:30 +0100 (CET)
Subject: SUSE-SU-2022:4037-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3)
Message-ID: <20221117022730.A0B3CF3D4@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4037-1
Rating:             important
References:         #1204289
Cross-References:   CVE-2022-42722
CVSS scores:
                    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 5.3.18-150300_59_93 fixes one issue.

   The following security issue was fixed:

   - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4037=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-150300_59_93-default-4-150300.2.1

References:

   https://www.suse.com/security/cve/CVE-2022-42722.html
   https://bugzilla.suse.com/1204289

From sle-updates at lists.suse.com Thu Nov 17 02:28:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 03:28:11 +0100 (CET)
Subject: SUSE-SU-2022:4024-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1)
Message-ID: <20221117022811.5E594F3D4@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4024-1
Rating:             important
References:         #1202087 #1203613 #1204170
Cross-References:   CVE-2021-33655 CVE-2022-2588 CVE-2022-42703
CVSS scores:
                    CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise Live Patching 12-SP4
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.12.14-150100_197_117 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
   - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
   - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4029=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4025=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4024=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-122_127-default-4-2.1

   - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-95_102-default-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2021-33655.html
   https://www.suse.com/security/cve/CVE-2022-2588.html
   https://www.suse.com/security/cve/CVE-2022-42703.html
   https://bugzilla.suse.com/1202087
   https://bugzilla.suse.com/1203613
   https://bugzilla.suse.com/1204170

From sle-updates at lists.suse.com Thu Nov 17 08:20:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 09:20:11 +0100 (CET)
Subject: SUSE-RU-2022:4041-1: moderate: Recommended update for libuv
Message-ID: <20221117082011.4E808F3CC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libuv
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:4041-1
Rating:             moderate
References:         #1199062
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libuv fixes the following issues:

   - Remove epoll syscall wrappers. (bsc#1199062)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4041=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4041=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libuv-debugsource-1.18.0-150400.11.3.1
      libuv-devel-1.18.0-150400.11.3.1
      libuv1-1.18.0-150400.11.3.1
      libuv1-debuginfo-1.18.0-150400.11.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libuv-debugsource-1.18.0-150400.11.3.1
      libuv-devel-1.18.0-150400.11.3.1
      libuv1-1.18.0-150400.11.3.1
      libuv1-debuginfo-1.18.0-150400.11.3.1

References:

   https://bugzilla.suse.com/1199062

From sle-updates at lists.suse.com Thu Nov 17 08:20:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 09:20:57 +0100 (CET)
Subject: SUSE-RU-2022:4040-1: important: Recommended update for libvirt
Message-ID: <20221117082057.0CEDCF3CC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:4040-1
Rating:             important
References:         #1158430 #1196087 #1197084 #1202608 #1202630 #1203976
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.
Description:

   This update for libvirt fixes the following issues:

   - apparmor: Fix QEMU access for UEFI variable files (bsc#1203976)
   - qemu: Don't assume that /usr/libexec/qemu-kvm exists (bsc#1158430, bsc#1196087)
   - qemu: Support memory allocation threads (bsc#1197084)
   - spec: Include aarch64 in the list of architectures that 'Require' dmidecode (bsc#1202608)
   - vmx: Require networkName for bridged and custom NICs (bsc#1202630)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4040=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4040=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4040=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4040=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libvirt-8.0.0-150400.7.3.1
      libvirt-client-8.0.0-150400.7.3.1
      libvirt-client-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-8.0.0-150400.7.3.1
      libvirt-daemon-config-network-8.0.0-150400.7.3.1
      libvirt-daemon-config-nwfilter-8.0.0-150400.7.3.1
      libvirt-daemon-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-lxc-8.0.0-150400.7.3.1
      libvirt-daemon-driver-lxc-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-gluster-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-hooks-8.0.0-150400.7.3.1
      libvirt-daemon-lxc-8.0.0-150400.7.3.1
      libvirt-daemon-qemu-8.0.0-150400.7.3.1
      libvirt-debugsource-8.0.0-150400.7.3.1
      libvirt-devel-8.0.0-150400.7.3.1
      libvirt-libs-8.0.0-150400.7.3.1
      libvirt-libs-debuginfo-8.0.0-150400.7.3.1
      libvirt-lock-sanlock-8.0.0-150400.7.3.1
      libvirt-lock-sanlock-debuginfo-8.0.0-150400.7.3.1
      libvirt-nss-8.0.0-150400.7.3.1
      libvirt-nss-debuginfo-8.0.0-150400.7.3.1
      wireshark-plugin-libvirt-8.0.0-150400.7.3.1
      wireshark-plugin-libvirt-debuginfo-8.0.0-150400.7.3.1

   - openSUSE Leap 15.4 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.3.1

   - openSUSE Leap 15.4 (x86_64):

      libvirt-client-32bit-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-libxl-8.0.0-150400.7.3.1
      libvirt-daemon-driver-libxl-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-xen-8.0.0-150400.7.3.1
      libvirt-devel-32bit-8.0.0-150400.7.3.1

   - openSUSE Leap 15.4 (noarch):

      libvirt-doc-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      libvirt-8.0.0-150400.7.3.1
      libvirt-client-8.0.0-150400.7.3.1
      libvirt-client-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-8.0.0-150400.7.3.1
      libvirt-daemon-config-network-8.0.0-150400.7.3.1
      libvirt-daemon-config-nwfilter-8.0.0-150400.7.3.1
      libvirt-daemon-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-hooks-8.0.0-150400.7.3.1
      libvirt-daemon-qemu-8.0.0-150400.7.3.1
      libvirt-debugsource-8.0.0-150400.7.3.1
      libvirt-devel-8.0.0-150400.7.3.1
      libvirt-lock-sanlock-8.0.0-150400.7.3.1
      libvirt-lock-sanlock-debuginfo-8.0.0-150400.7.3.1
      libvirt-nss-8.0.0-150400.7.3.1
      libvirt-nss-debuginfo-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):

      libvirt-daemon-driver-libxl-8.0.0-150400.7.3.1
      libvirt-daemon-driver-libxl-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-xen-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):

      libvirt-doc-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libvirt-debugsource-8.0.0-150400.7.3.1
      libvirt-libs-8.0.0-150400.7.3.1
      libvirt-libs-debuginfo-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      libvirt-client-8.0.0-150400.7.3.1
      libvirt-client-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-8.0.0-150400.7.3.1
      libvirt-daemon-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-8.0.0-150400.7.3.1
      libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-8.0.0-150400.7.3.1
      libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-8.0.0-150400.7.3.1
      libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-8.0.0-150400.7.3.1
      libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-8.0.0-150400.7.3.1
      libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.3.1
      libvirt-daemon-qemu-8.0.0-150400.7.3.1
      libvirt-debugsource-8.0.0-150400.7.3.1
      libvirt-libs-8.0.0-150400.7.3.1
      libvirt-libs-debuginfo-8.0.0-150400.7.3.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.3.1
      libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.3.1

References:

   https://bugzilla.suse.com/1158430
   https://bugzilla.suse.com/1196087
   https://bugzilla.suse.com/1197084
   https://bugzilla.suse.com/1202608
   https://bugzilla.suse.com/1202630
   https://bugzilla.suse.com/1203976

From sle-updates at lists.suse.com Thu Nov 17 08:35:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 09:35:15 +0100 (CET)
Subject: SUSE-CU-2022:3013-1: Recommended update of suse/sles12sp5
Message-ID: <20221117083515.D9AC6F3CC@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3013-1
Container Tags        : suse/sles12sp5:6.5.401 , suse/sles12sp5:latest
Container Release     : 6.5.401
Severity              : important
Type                  : recommended
References            : 1081947 1201354
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3980-1
Released:    Tue Nov 15 11:16:52 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1081947,1201354

This update for util-linux fixes the following issues:

- Integrate pam_keyinit PAM module (bsc#1201354, bsc#1081947)

The following package changes have been done:

- libblkid1-2.33.2-4.24.1 updated
- libfdisk1-2.33.2-4.24.1 updated
- libmount1-2.33.2-4.24.1 updated
- libsmartcols1-2.33.2-4.24.1 updated
- libuuid1-2.33.2-4.24.1 updated
- util-linux-2.33.2-4.24.1 updated

From sle-updates at lists.suse.com Thu Nov 17 09:00:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 10:00:16 +0100 (CET)
Subject: SUSE-CU-2022:3014-1: Recommended update of suse/sle15
Message-ID: <20221117090016.69BE7F3CC@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3014-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.641
Container Release     : 4.22.641
Severity              : important
Type                  : recommended
References            : 1203652
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

The following package changes have been done:

- libz1-1.2.11-150000.3.36.1 updated

From sle-updates at lists.suse.com Thu Nov 17 09:02:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 10:02:43 +0100 (CET)
Subject: SUSE-CU-2022:3015-1: Security update of suse/389-ds
Message-ID: <20221117090243.778F9F3CC@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3015-1
Container Tags        : suse/389-ds:2.0 , suse/389-ds:2.0-17.42 , suse/389-ds:latest
Container Release     : 17.42
Severity              : important
Type                  : security
References            : 1194119 1201959 1203652 1204179 1204211 1204493 1204748 1204968 1205146 CVE-2021-45710 CVE-2022-3821
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released:    Mon Nov 14 15:39:20 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3996-1
Released:    Tue Nov 15 17:06:52 2022
Summary:     Security update for 389-ds
Type:        security
Severity:    low
References:  1194119,1204493,1204748,1205146,CVE-2021-45710

This update for 389-ds fixes the following issues:

- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
- Update to version 2.0.16~git56.d15a0a7:
  - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).
  - Resolve issue with checklist post migration when dds is present (bsc#1204748).
  - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released:    Tue Nov 15 17:08:04 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1 updated
- lib389-2.0.16~git56.d15a0a7-150400.3.15.1 updated
- 389-ds-2.0.16~git56.d15a0a7-150400.3.15.1 updated
- container:sles15-image-15.0.0-27.14.14 updated

From sle-updates at lists.suse.com Thu Nov 17 09:04:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 10:04:35 +0100 (CET)
Subject: SUSE-CU-2022:3016-1: Security update of bci/bci-init
Message-ID: <20221117090435.CC4BBF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3016-1
Container Tags        : bci/bci-init:15.4 , bci/bci-init:15.4.24.29 , bci/bci-init:latest
Container Release     : 24.29
Severity              : moderate
Type                  : security
References            : 1204179 1204968 CVE-2022-3821
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released:    Tue Nov 15 17:08:04 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

The following package changes have been done:

- libudev1-249.12-150400.8.13.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- systemd-249.12-150400.8.13.1 updated
- container:sles15-image-15.0.0-27.14.14 updated

From sle-updates at lists.suse.com Thu Nov 17 09:06:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 10:06:23 +0100 (CET)
Subject: SUSE-CU-2022:3017-1: Security update of bci/nodejs
Message-ID: <20221117090623.E3388F3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3017-1
Container Tags        : bci/node:14 , bci/node:14-35.27 , bci/nodejs:14 , bci/nodejs:14-35.27
Container Release     : 35.27
Severity              : moderate
Type                  : security
References : 1204179 1204968 CVE-2022-3821
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

The following package changes have been done:

- libudev1-249.12-150400.8.13.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- container:sles15-image-15.0.0-27.14.14 updated

From sle-updates at lists.suse.com Thu Nov 17 09:09:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 10:09:09 +0100 (CET)
Subject: SUSE-CU-2022:3018-1: Security update of bci/openjdk
Message-ID: <20221117090909.81016F3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3018-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-32.29 , bci/openjdk:latest
Container Release : 32.29
Severity : moderate
Type : security
References : 1204179 1204422 1204425 1204968 CVE-2022-3554 CVE-2022-3555 CVE-2022-3821
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3986-1
Released: Tue Nov 15 12:57:41 2022
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1204422,1204425,CVE-2022-3554,CVE-2022-3555

This update for libX11 fixes the following issues:

- CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422).
- CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

The following package changes have been done:

- libsystemd0-249.12-150400.8.13.1 updated
- libX11-data-1.6.5-150000.3.24.1 updated
- libX11-6-1.6.5-150000.3.24.1 updated
- container:sles15-image-15.0.0-27.14.14 updated

From sle-updates at lists.suse.com Thu Nov 17 11:23:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 12:23:49 +0100 (CET)
Subject: SUSE-SU-2022:4044-1: important: Security update for python-cryptography, python-cryptography-vectors
Message-ID: <20221117112349.DECAEF3D4@maintenance.suse.de>

SUSE Security Update: Security update for python-cryptography, python-cryptography-vectors
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4044-1
Rating: important
References: #1101820 #1149792 #1176785 #1177083 ECO-3105 PM-2352 PM-2730 SLE-18312
Cross-References: CVE-2018-10903
CVSS scores:
  CVE-2018-10903 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2018-10903 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Python2 15-SP3
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves one vulnerability, contains four features and has three fixes is now available.

Description:

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4044=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4044=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4044=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4044=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4044=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4044=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4044=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4044=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4044=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4044=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4044=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4044=1
- SUSE Linux Enterprise High Performance Computing
15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4044=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4044=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - openSUSE Leap 15.3 (noarch): python2-cryptography-vectors-2.9.2-150200.3.3.1 python3-cryptography-vectors-2.9.2-150200.3.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Manager Proxy 4.1 (x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 
python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 
python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-cryptography-debuginfo-2.9.2-150200.13.1 python-cryptography-debugsource-2.9.2-150200.13.1 python2-cryptography-2.9.2-150200.13.1 python2-cryptography-debuginfo-2.9.2-150200.13.1 python3-cryptography-2.9.2-150200.13.1 python3-cryptography-debuginfo-2.9.2-150200.13.1 References: https://www.suse.com/security/cve/CVE-2018-10903.html https://bugzilla.suse.com/1101820 https://bugzilla.suse.com/1149792 https://bugzilla.suse.com/1176785 https://bugzilla.suse.com/1177083 From sle-updates at lists.suse.com Thu Nov 17 11:25:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 12:25:14 +0100 (CET) Subject: SUSE-RU-2022:4042-1: moderate: Recommended update for trento-agent Message-ID: <20221117112514.99CBDF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4042-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux 
Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for trento-agent fixes the following issues:

- Release 1.2.0

# Changelog

### Added

- Add GroupID field to the FactsGathered event mapping
- Use google protobuf value in Fact message
- Update Contracts with ContenType fetching from facade
- Gatherer/Gatherers plugin management
- Add kvm discovery
- Move test fixture files
- Detect Nutanix as underlying platform provider
- Check type assertion properly
- Sapsystems code declarative init
- Use proper di in cloud discovery
- Use proper di in the sles subscription discovery
- Extract command executor to utils package
- Refinement in the main README
- Factsengine integration test
- Fact gathering errors
- Map the numeric strings as numbers to send the event
- Fact gathering requested
- Move used strucs on the factsengine to a entities package
- Publish gathered facts using contract
- Move the individual unit test function to suites
- Use DI for the CommandExecutor
- Upgrade to golang 1.18
- Sbd gatherer
- Implement the hacluster password verify gatherer
- Implement systemd daemons state gatherer
- Implement crm_mon and cibadmin gatherers
- Corosync cmapctl gatherer
- Package version gatherer
- Add AgentID and CheckID fields to facts result
- Remove the flavor field and add the installation source
- Add plugins system
- Gather facts command
- Linter configuration
- Facts engine

### Fixed

- fix workflow name
- Fix CI woops
- Fix SAP profile comments parsing
- Fix GHA obs jobs
- Fix integration test to cancel properly listen function
- Use correct Systemd testsuite

This update for trento-server-installer fixes the following issues:

- Release 1.2.0

### Fixed

- Add gh_release file to fix the CI process

### Other Changes

- Cleanup debugging leftovers supportconfig specfile
- fix workflow name [#47](https://github.com/trento-project/helm-charts/pull/47) (@gereonvey)
- update obs relate
- Fixes in trento-support about compressed output
- Initial work to add wanda container
- Add basic rabbitmq chart
- Update grafana chart dependency to 6.36.1
- Bump helm/chart-testing-action from 2.2.1 to 2.3.0
- Bump azure/setup-helm from 2.1 to 3.3
- Add basic script for support requests

This update for trento-runner-image fixes the following issues:

- Release 1.1.0

### Added

- Set expanded version string to container

### Fixed

- Workaround tar_scm issue that remove - char from version string
- Fix obs changes file release generation step

### Other Changes

- update obs-commit CI job
- fix workflow name
- Update regular expression

This update for trento-server-helm fixes the following issues:

- Release 1.2.0

### Fixed

- Add gh_release file to fix the CI process

### Other Changes

- Cleanup debugging leftovers supportconfig specfile
- fix workflow name
- update obs related CI jobs
- Fixes in trento-support about compressed output
- Initial work to add wanda container
- Add basic rabbitmq chart
- Update grafana chart dependency to 6.36.1
- Bump helm/chart-testing-action from 2.2.1 to 2.3.0
- Bump azure/setup-helm from 2.1 to 3.3
- Add basic script for support requests

This update for trento-web-image fixes the following issues:

- Release 1.2.0

**Implemented enhancements:**

- Enable query string filtering in existing views
- Frontend table filters from query string
- Process execution completed
- Remove events from checks execution
- Added Clear button to Filter component when one or more values are selected.
- Add filtering through search params
- Publish execution requested
- Lift off rabbitmq
- Make Database status icon interactive
- Make Pacemaker Clusters status icon interactive
- Navigate filtered checkresults
- Health summary with clusters and databases
- Aggregates snapshot
- Add tag validation
- Community eula
- Remove PR type choice
- Set version with git
- Add installation_source field to the host telemetry
- Highlight check result row on hover and id in green

**Fixed bugs:**

- Table views not being updated when last tag is removed
- Include missing file for CI
- General browser fixes for collapsed sidebar
- Fix active style matching inside navlink usage
- Set the version properly in the suse container dockerfile
- Run CI on release event
- Reset pagination when a filter is selected

**Closed issues:**

- Disallow certain chars in tags

**Merged pull requests:**

- Release 1.2.0 and update changelog
- Bump react-redux from 8.0.4 to 8.0.5 in /assets
- Bump babel-loader from 9.0.1 to 9.1.0 in /assets
- Enable box health filters on Dashboard
- Use uuid format for id fields
- fix obs-commit ci job
- Mock DateTime using a custom date service and mox
- Replace mock usage for dispatch
- Bump @heroicons/react from 2.0.12 to 2.0.13 in /assets
- Ui restyle of Health box in HealthSummary
- Add a test using Fishery and Faker
- Remove container name from rabbitmq container in docker compose
- Bump react-router-dom from 6.4.2 to 6.4.3 in /assets
- Bump babel-loader from 9.0.0 to 9.0.1 in /assets
- Bump babel-loader from 8.2.5 to 9.0.0 in /assets
- Bump autoprefixer from 10.4.12 to 10.4.13 in /assets
- Bump @storybook/addon-interactions from 6.5.12 to 6.5.13 in /assets
- Bump jest-environment-jsdom from 29.2.1 to 29.2.2 in /assets
- Bump jest from 29.2.1 to 29.2.2 in /assets
- Encapsulated About content with a white container
- Bump eslint from 8.25.0 to 8.26.0 in /assets
- Bump tailwindcss from 3.2.0 to 3.2.1 in /assets
- Bump @storybook/addon-essentials from 6.5.12 to 6.5.13 in /assets
- Bump @storybook/addon-links from 6.5.12 to 6.5.13 in /assets
- Bump @storybook/react from 6.5.12 to 6.5.13 in /assets
- Removed restart strategy from docker-compose file
- Checks results refactor part two
- Bump @babel/core from 7.19.3 to 7.19.6 in /assets
- Bump @babel/plugin-transform-modules-commonjs from 7.18.6 to 7.19.6 in /assets
- Bump dayjs from 1.11.5 to 1.11.6 in /assets
- Bump tailwindcss from 3.1.8 to 3.2.0 in /assets
- Bump esbuild from 0.15.11 to 0.15.12 in /assets
- Bump eos-icons-react from 2.3.0 to 2.4.0 in /assets
- Bump babel-jest from 29.2.0 to 29.2.1 in /assets
- Bump jest-environment-jsdom from 29.2.0 to 29.2.1 in /assets
- Bump eslint-plugin-jest from 27.1.2 to 27.1.3 in /assets
- Bump jest from 29.2.0 to 29.2.1 in /assets
- Bump docker/metadata-action from 4.1.0 to 4.1.1
- Initial proposal for a collapsed sidebar.
- Refactor frontend events mapping
- Bump axios from 0.27.2 to 1.1.3 in /assets
- Bump esbuild from 0.15.10 to 0.15.11 in /assets
- Bump jest-environment-jsdom from 29.1.2 to 29.2.0 in /assets
- Bump eslint-plugin-jest from 27.1.1 to 27.1.2 in /assets
- Bump jest from 29.1.2 to 29.2.0 in /assets
- Add end-to-end tests for KVM & Nutanix cloud providers
- Bump postcss from 8.4.17 to 8.4.18 in /assets
- Bump styfle/cancel-workflow-action from 0.10.1 to 0.11.0
- Bump docker/login-action from 2.0.0 to 2.1.0
- Bump docker/metadata-action from 4.0.1 to 4.1.0
- Checks results refactor
- Bump eslint-plugin-react from 7.31.9 to 7.31.10 in /assets
- Bump @babel/preset-env from 7.19.3 to 7.19.4 in /assets
- Add providers KVM & Nutanix to Host Details view
- Fix HealthSummaryDto's required fields
- Bump @reduxjs/toolkit from 1.8.5 to 1.8.6 in /assets
- Bump eslint-plugin-react from 7.31.8 to 7.31.9 in /assets
- Bump eslint from 8.24.0 to 8.25.0 in /assets
- Bump eslint-plugin-jest from 27.1.0 to 27.1.1 in /assets
- Bump @heroicons/react from 2.0.11 to 2.0.12 in /assets
- Bump react-router-dom from 6.4.1 to 6.4.2 in /assets
- Move the check for unused deps to static code analysis step
- Add mix deps.unlock --check-unused to CI
- Bump eslint-plugin-jest from 27.0.4 to 27.1.0 in /assets
- Enable single pipe check on credo
- Bump esbuild from 0.14.54 to 0.15.10 in /assets
- Bump babel-jest from 29.1.0 to 29.1.2 in /assets
- Bump jest from 29.1.1 to 29.1.2 in /assets
- Bump @headlessui/react from 1.7.2 to 1.7.3 in /assets
- Bump postcss from 8.4.16 to 8.4.17 in /assets
- Bump jest-environment-jsdom from 29.1.1 to 29.1.2 in /assets
- Bump styfle/cancel-workflow-action from 0.10.0 to 0.10.1
- Premium EULA page content update
- Rename .Enum.* to .Enums.* in module paths for consistency
- Bump esbuild-plugin-path-alias from 1.0.6 to 1.0.7 in /assets
- Use new enum type for cluster types
- Use new enum type for Health
- Bump babel-jest from 29.0.3 to 29.1.0 in /assets
- Bump jest from 29.0.3 to 29.1.1 in /assets
- Bump jest-environment-jsdom from 29.0.3 to 29.1.1 in /assets
- Added margin to the bottom of each result/host container.
- Add provider enum
- Bump @babel/core from 7.19.1 to 7.19.3 in /assets
- Bump @babel/preset-env from 7.19.1 to 7.19.3 in /assets
- Changed Warning border to 8px
- Bump eslint from 8.23.1 to 8.24.0 in /assets
- Add acceptance test
- Test default catalog usage in the backend
- Show warning unknown check selection
- Bump react-redux from 8.0.2 to 8.0.4 in /assets
- Return default catalog if the provider is unknown
- Create BackToCluster button component
- Add missing :kvm and :nutanix atoms to the provider field in events/commands/read models
- Bump react-router-dom from 6.4.0 to 6.4.1 in /assets
- Add kvm and nutanix providers
- Update mock catalog
- Bump autoprefixer from 10.4.11 to 10.4.12 in /assets
- Bump @headlessui/react from 1.7.1 to 1.7.2 in /assets
- Bump autoprefixer from 10.4.10 to 10.4.11 in /assets
- Bump @babel/preset-env from 7.19.0 to 7.19.1 in /assets
- Bump @babel/core from 7.19.0 to 7.19.1 in /assets
- Bump date-fns from 2.29.2 to 2.29.3 in /assets
- Bump autoprefixer from 10.4.9 to 10.4.10 in /assets
- Bump react-hot-toast from 2.3.0 to 2.4.0 in /assets
- Bump react-router-dom from 6.3.0 to 6.4.0 in /assets
- Bump @storybook/addon-essentials from 6.5.11 to 6.5.12 in /assets
- Bump @storybook/addon-actions from 6.5.11 to 6.5.12 in /assets
- Bump @storybook/addon-interactions from 6.5.11 to 6.5.12 in /assets
- Bump @storybook/react from 6.5.11 to 6.5.12 in /assets
- Bump classnames from 2.3.1 to 2.3.2 in /assets
- Bump @storybook/addon-links from 6.5.11 to 6.5.12 in /assets
- Improve contribution documentations and add templates
- Bump @storybook/addon-actions from 6.5.10 to 6.5.11 in /assets
- Bump @storybook/addon-links from 6.5.10 to 6.5.11 in /assets
- Bump @storybook/addon-interactions from 6.5.10 to 6.5.11 in /assets
- Bump @storybook/react from 6.5.10 to 6.5.11 in /assets
- Bump @heroicons/react from 2.0.10 to 2.0.11 in /assets
- Bump @storybook/addon-essentials from 6.5.10 to 6.5.11 in /assets
- Bump @headlessui/react from 1.7.0 to 1.7.1 in /assets
- Check Result Overview in Cluster Details
- Bump eslint-plugin-react from 7.31.7 to 7.31.8 in /assets
- Bump jest from 29.0.2 to 29.0.3 in /assets
- Bump autoprefixer from 10.4.8 to 10.4.9 in /assets
- Bump eslint-plugin-jest from 27.0.2 to 27.0.4 in /assets
- Bump jest-environment-jsdom from 29.0.2 to 29.0.3 in /assets
- Bump babel-jest from 29.0.2 to 29.0.3 in /assets
- Bump eslint from 8.23.0 to 8.23.1 in /assets
- Bump eslint-plugin-jest from 27.0.1 to 27.0.2 in /assets
- Check results filtering
- Bump @headlessui/react from 1.6.6 to 1.7.0 in /assets
- Refactor docker compose to add named volume for postgres persistence
- Bump eslint-plugin-react from 7.31.6 to 7.31.7 in /assets
- Bump @babel/core from 7.18.13 to 7.19.0 in /assets
- Bump @babel/preset-env from 7.18.10 to 7.19.0 in /assets
- Bump jest-environment-jsdom from 29.0.1 to 29.0.2 in /assets
- Bump jest from 29.0.1 to 29.0.2 in /assets
- Bump eslint-plugin-react from 7.31.1 to 7.31.6 in /assets
- Bump @testing-library/react from 13.3.0 to 13.4.0 in /assets
- Bump babel-jest from 29.0.1 to 29.0.2 in /assets
- Bump @heroicons/react from 1.0.6 to 2.0.10 in /assets
- Bump postcss-import from 14.1.0 to 15.0.0 in /assets
- Add option to unselect the removed tag fix #416
- Bump babel-jest from 29.0.0 to 29.0.1 in /assets
- Bump jest from 29.0.0 to 29.0.1 in /assets
- Bump eslint-plugin-jest from 26.8.7 to 27.0.1 in /assets
- Bump jest-environment-jsdom from 29.0.0 to 29.0.1 in /assets
- Bump eslint from 8.22.0 to 8.23.0 in /assets
- Bump eslint-plugin-react from 7.31.0 to 7.31.1 in /assets
- Bump jest-environment-jsdom from 28.1.3 to 29.0.0 in /assets
- Bump jest from 28.1.3 to 29.0.0 in /assets
- Bump babel-jest from 28.1.3 to 29.0.0 in /assets
- Bump eslint-plugin-react from 7.30.1 to 7.31.0 in /assets
- Bump @babel/core from 7.18.10 to 7.18.13 in /assets
- Fix some typos since the CI breaks otherwise
- Bump eslint-plugin-jest from 26.8.3 to 26.8.7 in /assets
- Bump redux-saga from 1.2.0 to 1.2.1 in /assets
- Bump @reduxjs/toolkit from 1.8.4 to 1.8.5 in /assets
- Bump eslint-plugin-jest from 26.8.2 to 26.8.3 in /assets
- Bump dayjs from 1.11.4 to 1.11.5 in /assets
- Bump eslint from 8.21.0 to 8.22.0 in /assets
- Bump redux-saga from 1.1.3 to 1.2.0 in /assets
- Update fixtures to reflect a recent agent version
- Bump @reduxjs/toolkit from 1.8.3 to 1.8.4 in /assets
- Add value files support inside the Cypress testing suite
- Bump eslint-plugin-jest from 26.8.1 to 26.8.2 in /assets
- add nodejs to .tools-versions
- Bump eslint-plugin-jest from 26.8.0 to 26.8.1 in /assets
- Bump esbuild from 0.14.53 to 0.14.54 in /assets
- Bump eslint-plugin-jest from 26.7.0 to 26.8.0 in /assets
- Bump tailwindcss from 3.1.7 to 3.1.8 in /assets
- Bump postcss from 8.4.14 to 8.4.16 in /assets
- Upcasting
- Bump @testing-library/jest-dom from 5.16.4 to 5.16.5 in /assets
- Set expectations for the about.js from cypress.env
- Bump @storybook/addon-essentials from 6.5.9 to 6.5.10 in /assets
- Bump @storybook/react from 6.5.9 to 6.5.10 in /assets
- Bump @storybook/addon-actions from 6.5.9 to 6.5.10 in /assets
- Bump @storybook/addon-links from 6.5.9 to 6.5.10 in /assets
- Bump @storybook/addon-interactions from 6.5.9 to 6.5.10 in /assets
- Bump esbuild from 0.14.51 to 0.14.53 in /assets
- Add missing env vars required for photofinish
- Fix nil provider broadcast
- Bump @babel/core from 7.18.9 to 7.18.10 in /assets
- Bump @babel/preset-env from 7.18.9 to 7.18.10 in /assets
- Remove gettext compiler from project configuration
- Increase the z-index for modals and modal backdrops
- Bump autoprefixer from 10.4.7 to 10.4.8 in /assets
- Bump tailwindcss from 3.1.6 to 3.1.7 in /assets
- Bump eslint-plugin-jest from 26.6.0 to 26.7.0 in /assets
- Bump credo from 1.6.5 to 1.6.6
- Bump eslint from 8.20.0 to 8.21.0 in /assets
- Bump postgrex from 0.16.3 to 0.16.4
- Bump esbuild from 0.14.50 to 0.14.51 in /assets
- Enable telemetry community
- Bump esbuild from 0.14.49 to 0.14.50 in /assets
- Add automated deployments to the demo environment
- Bump open_api_spex from 3.11.0 to 3.12.0
- Bump dialyxir from 1.1.0 to 1.2.0
- Bump gettext from 0.19.1 to 0.20.0
- Bump terser from 4.8.0 to 4.8.1 in /assets
- Bump dayjs from 1.11.3 to 1.11.4 in /assets
- Bump @babel/core from 7.18.6 to 7.18.9 in /assets
- Bump @babel/preset-env from 7.18.6 to 7.18.9 in /assets
- Bump eslint from 8.19.0 to 8.20.0 in /assets
- Bump credo from 1.6.4 to 1.6.5
- Bump eslint-plugin-jest from 26.5.3 to 26.6.0 in /assets
- Bump polymorphic_embed from 1.9.0 to 2.0.0
- Bump swoosh from 1.7.1 to 1.7.3

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SAP Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-4042=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-4042=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-4042=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-4042=1

Package List:

- SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  trento-agent-1.2.0-150300.1.11.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch):
  trento-server-installer-1.2.0-150300.3.10.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  trento-agent-1.2.0-150300.1.11.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch):
  trento-server-installer-1.2.0-150300.3.10.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  trento-agent-1.2.0-150300.1.11.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch):
  trento-server-installer-1.2.0-150300.3.10.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  trento-agent-1.2.0-150300.1.11.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch):
  trento-server-installer-1.2.0-150300.3.10.1

References:

From sle-updates at lists.suse.com Thu Nov 17 11:26:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 12:26:00 +0100 (CET)
Subject: SUSE-RU-2022:4045-1: critical: Recommended update for pacemaker
Message-ID: <20221117112600.08471F3D4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4045-1
Rating: critical
References: #1196673 #1198409 #1198715 #1203367 #1204581 #1205279

Affected Products:
  SUSE Linux Enterprise High Availability 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for pacemaker fixes the following issues:

- tools: fix syntax on resetting options in crm_resource (bsc#1198409)
- tools: display the correct minimum execution status when executing 'crm_resource -O' (bsc#1205279, bsc#1204581)
- controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715)
- controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4045=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4045=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.6.1 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.6.1 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 - openSUSE Leap 15.4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.6.1 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.6.1 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.6.1 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.6.1 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 https://bugzilla.suse.com/1204581 https://bugzilla.suse.com/1205279 From sle-updates at lists.suse.com Thu Nov 17 11:27:17 
2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 12:27:17 +0100 (CET) Subject: SUSE-RU-2022:4043-1: moderate: Recommended update for python3-ec2metadata Message-ID: <20221117112717.60E26F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2metadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4043-1 Rating: moderate References: #1204066 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3-ec2metadata fixes the following issues: - Update to version 4.0.0 (bsc#1204066) - Disambiguate cli options for duplicate endpoints. This is an incompatible change for some API versions of IMDS. When a duplicate endpoint is detected the cli option for both endpoints is expanded to a unique name. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4043=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4043=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4043=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4043=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4043=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4043=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-4043=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4043=1 Package List: - openSUSE Leap 15.4 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - openSUSE Leap 15.3 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - 
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 - SUSE Linux Enterprise Micro 5.3 (noarch): python3-ec2metadata-4.0.0-150000.3.9.1 References: https://bugzilla.suse.com/1204066 From sle-updates at lists.suse.com Thu Nov 17 17:21:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 18:21:03 +0100 (CET) Subject: SUSE-RU-2022:4046-1: moderate: Recommended update for nvme-cli Message-ID: <20221117172103.A8187F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4046-1 Rating: moderate References: #1186399 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - Use pkg-config for libuuid detection Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4046=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nvme-cli-1.8.1-3.6.1 nvme-cli-debuginfo-1.8.1-3.6.1 nvme-cli-debugsource-1.8.1-3.6.1 References: https://bugzilla.suse.com/1186399 From sle-updates at lists.suse.com Thu Nov 17 17:21:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 18:21:46 +0100 (CET) Subject: SUSE-RU-2022:4047-1: moderate: Recommended update for nvme-cli Message-ID: <20221117172146.31350F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4047-1 Rating: moderate References: #1186399 #1201701 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) - Various other fabrics related bug fixes were added. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4047=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4047=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4047=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nvme-cli-2.0-150400.3.6.1 nvme-cli-bash-completion-2.0-150400.3.6.1 nvme-cli-debuginfo-2.0-150400.3.6.1 nvme-cli-debugsource-2.0-150400.3.6.1 nvme-cli-regress-script-2.0-150400.3.6.1 nvme-cli-zsh-completion-2.0-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nvme-cli-2.0-150400.3.6.1 nvme-cli-bash-completion-2.0-150400.3.6.1 nvme-cli-debuginfo-2.0-150400.3.6.1 nvme-cli-debugsource-2.0-150400.3.6.1 nvme-cli-zsh-completion-2.0-150400.3.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): nvme-cli-2.0-150400.3.6.1 nvme-cli-debuginfo-2.0-150400.3.6.1 nvme-cli-debugsource-2.0-150400.3.6.1 References: https://bugzilla.suse.com/1186399 https://bugzilla.suse.com/1201701 From sle-updates at lists.suse.com Thu Nov 17 17:22:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 18:22:35 +0100 (CET) Subject: SUSE-RU-2022:4049-1: moderate: Recommended update for libnvme Message-ID: <20221117172235.E9779F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnvme ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4049-1 Rating: moderate References: #1201501 #1201700 #1201701 #1201717 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager 
Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libnvme fixes the following issues: - Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) - Subsystem scanning logic - Fabrics improvements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4049=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4049=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4049=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.6.1 libnvme-debugsource-1.0-150400.3.6.1 libnvme-devel-1.0-150400.3.6.1 libnvme1-1.0-150400.3.6.1 libnvme1-debuginfo-1.0-150400.3.6.1 python3-libnvme-1.0-150400.3.6.1 python3-libnvme-debuginfo-1.0-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.6.1 libnvme-debugsource-1.0-150400.3.6.1 libnvme-devel-1.0-150400.3.6.1 libnvme1-1.0-150400.3.6.1 libnvme1-debuginfo-1.0-150400.3.6.1 python3-libnvme-1.0-150400.3.6.1 python3-libnvme-debuginfo-1.0-150400.3.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libnvme-debuginfo-1.0-150400.3.6.1 libnvme-debugsource-1.0-150400.3.6.1 libnvme1-1.0-150400.3.6.1 libnvme1-debuginfo-1.0-150400.3.6.1 References: https://bugzilla.suse.com/1201501 https://bugzilla.suse.com/1201700 https://bugzilla.suse.com/1201701 https://bugzilla.suse.com/1201717 From sle-updates at lists.suse.com Thu Nov 17 17:23:31 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 17 Nov 2022 18:23:31 +0100 (CET) Subject: SUSE-SU-2022:4050-1: moderate: Security update for openvswitch Message-ID: <20221117172331.0F3B1F3D4@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4050-1 Rating: moderate References: #1203865 Cross-References: CVE-2022-32166 CVSS scores: CVE-2022-32166 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2022-32166: Fixed out of bounds read in minimask_equal() (bsc#1203865). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4050=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 References: https://www.suse.com/security/cve/CVE-2022-32166.html https://bugzilla.suse.com/1203865 From sle-updates at lists.suse.com Thu Nov 17 17:24:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 18:24:17 +0100 (CET) Subject: SUSE-RU-2022:4048-1: moderate: Recommended update for nvme-cli Message-ID: <20221117172417.8179DF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4048-1 Rating: moderate References: #1186399 #1200644 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for nvme-cli fixes the following issues: - Fix infinite loop on invalid parameters (bsc#1200644) - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4048=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4048=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4048=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4048=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4048=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): nvme-cli-1.13-150300.3.20.1 nvme-cli-debuginfo-1.13-150300.3.20.1 nvme-cli-debugsource-1.13-150300.3.20.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-150300.3.20.1 nvme-cli-debuginfo-1.13-150300.3.20.1 nvme-cli-debugsource-1.13-150300.3.20.1 nvme-cli-regress-script-1.13-150300.3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-150300.3.20.1 nvme-cli-debuginfo-1.13-150300.3.20.1 nvme-cli-debugsource-1.13-150300.3.20.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): nvme-cli-1.13-150300.3.20.1 nvme-cli-debuginfo-1.13-150300.3.20.1 nvme-cli-debugsource-1.13-150300.3.20.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nvme-cli-1.13-150300.3.20.1 nvme-cli-debuginfo-1.13-150300.3.20.1 nvme-cli-debugsource-1.13-150300.3.20.1 References: https://bugzilla.suse.com/1186399 https://bugzilla.suse.com/1200644 From sle-updates at lists.suse.com Thu Nov 17 17:25:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 18:25:10 +0100 (CET) 
Subject: SUSE-SU-2022:4051-1: important: Security update for xen Message-ID: <20221117172510.57E5BF3D4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4051-1 Rating: important References: #1185104 #1203806 #1203807 #1204482 #1204485 #1204487 #1204489 #1204490 #1204494 Cross-References: CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVSS scores: CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). 
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4051=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_28-43.98.1 xen-debugsource-4.7.6_28-43.98.1 xen-doc-html-4.7.6_28-43.98.1 xen-libs-32bit-4.7.6_28-43.98.1 xen-libs-4.7.6_28-43.98.1 xen-libs-debuginfo-32bit-4.7.6_28-43.98.1 xen-libs-debuginfo-4.7.6_28-43.98.1 xen-tools-4.7.6_28-43.98.1 xen-tools-debuginfo-4.7.6_28-43.98.1 xen-tools-domU-4.7.6_28-43.98.1 xen-tools-domU-debuginfo-4.7.6_28-43.98.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html 
https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 From sle-updates at lists.suse.com Thu Nov 17 20:20:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:20:14 +0100 (CET) Subject: SUSE-SU-2022:4054-1: Security update for go1.19 Message-ID: <20221117202014.C4B66F3D4@maintenance.suse.de> SUSE Security Update: Security update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4054-1 Rating: low References: #1200441 #1204941 Cross-References: CVE-2022-41716 CVSS scores: CVE-2022-41716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41716 (SUSE): 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP 
Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for go1.19 fixes the following issues: Update to go 1.19.3 (released 2022-11-01) (bsc#1200441): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count" fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing (go#56106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4054=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4054=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4054=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4054=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 References: https://www.suse.com/security/cve/CVE-2022-41716.html https://bugzilla.suse.com/1200441 https://bugzilla.suse.com/1204941 From sle-updates at lists.suse.com Thu Nov 17 20:21:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:21:33 +0100 (CET) Subject: SUSE-SU-2022:4058-1: important: Security update for MozillaFirefox Message-ID: <20221117202133.A97FDF3D4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4058-1 
Rating: important References: #1205270 Cross-References: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4058=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4058=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4058=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4058=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4058=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4058=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4058=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4058=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4058=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4058=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4058=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4058=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4058=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.5.0-150200.152.67.3 MozillaFirefox-branding-upstream-102.5.0-150200.152.67.3 MozillaFirefox-debuginfo-102.5.0-150200.152.67.3 MozillaFirefox-debugsource-102.5.0-150200.152.67.3 MozillaFirefox-devel-102.5.0-150200.152.67.3 MozillaFirefox-translations-common-102.5.0-150200.152.67.3 MozillaFirefox-translations-other-102.5.0-150200.152.67.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.5.0-150200.152.67.3 
  MozillaFirefox-branding-upstream-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Manager Retail Branch Server 4.1 (x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Manager Proxy 4.1 (x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):

  MozillaFirefox-devel-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):

  MozillaFirefox-devel-102.5.0-150200.152.67.3

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

- SUSE Enterprise Storage 7 (aarch64 x86_64):

  MozillaFirefox-102.5.0-150200.152.67.3
  MozillaFirefox-debuginfo-102.5.0-150200.152.67.3
  MozillaFirefox-debugsource-102.5.0-150200.152.67.3
  MozillaFirefox-devel-102.5.0-150200.152.67.3
  MozillaFirefox-translations-common-102.5.0-150200.152.67.3
  MozillaFirefox-translations-other-102.5.0-150200.152.67.3

References:

https://www.suse.com/security/cve/CVE-2022-45403.html
https://www.suse.com/security/cve/CVE-2022-45404.html
https://www.suse.com/security/cve/CVE-2022-45405.html
https://www.suse.com/security/cve/CVE-2022-45406.html
https://www.suse.com/security/cve/CVE-2022-45408.html
https://www.suse.com/security/cve/CVE-2022-45409.html
https://www.suse.com/security/cve/CVE-2022-45410.html
https://www.suse.com/security/cve/CVE-2022-45411.html
https://www.suse.com/security/cve/CVE-2022-45412.html
https://www.suse.com/security/cve/CVE-2022-45416.html
https://www.suse.com/security/cve/CVE-2022-45418.html
https://www.suse.com/security/cve/CVE-2022-45420.html
https://www.suse.com/security/cve/CVE-2022-45421.html
https://bugzilla.suse.com/1205270

From sle-updates at lists.suse.com Thu Nov 17 20:23:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Nov 2022 21:23:28 +0100 (CET)
Subject: SUSE-SU-2022:4053-1: important: Security update for the Linux Kernel
Message-ID: <20221117202328.7C37BF3D4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4053-1
Rating: important
References: #1032323 #1065729 #1152489 #1198702 #1200465 #1200788 #1201725 #1202638 #1202686 #1202700 #1203066 #1203098 #1203387 #1203391 #1203496 #1203802 #1204053 #1204166 #1204168
  #1204354 #1204355 #1204382 #1204402 #1204415 #1204417 #1204431 #1204439 #1204470 #1204479 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204653 #1204728 #1204753 #1204754 PED-1931 SLE-13847 SLE-24559 SLE-9246
Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-2964 CVE-2022-2978 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-39189 CVE-2022-42703 CVE-2022-43750
CVSS scores:
  CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Availability 15-SP3
  SUSE Linux Enterprise High Performance Computing
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Module for Legacy Software 15-SP3
  SUSE Linux Enterprise Module for Live Patching 15-SP3
  SUSE Linux Enterprise Server
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Workstation Extension 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves 24 vulnerabilities, contains four features and has 16 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). 
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). 
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix 
extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert "drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). 
- USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). 
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). 
- drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). 
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). 
- mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). 
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). 
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). 
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). 
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). 
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). 
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4053=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4053=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4053=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4053=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4053=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4053=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4053=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4053=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4053=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4053=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4053=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kernel-default-5.3.18-150300.59.101.1 kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.101.1 dtb-zte-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.101.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.101.1 dlm-kmp-default-5.3.18-150300.59.101.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.101.1 gfs2-kmp-default-5.3.18-150300.59.101.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-5.3.18-150300.59.101.1 kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-base-rebuild-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 kernel-default-devel-5.3.18-150300.59.101.1 kernel-default-devel-debuginfo-5.3.18-150300.59.101.1 kernel-default-extra-5.3.18-150300.59.101.1 kernel-default-extra-debuginfo-5.3.18-150300.59.101.1 kernel-default-livepatch-5.3.18-150300.59.101.1 kernel-default-livepatch-devel-5.3.18-150300.59.101.1 kernel-default-optional-5.3.18-150300.59.101.1 kernel-default-optional-debuginfo-5.3.18-150300.59.101.1 
kernel-obs-build-5.3.18-150300.59.101.1 kernel-obs-build-debugsource-5.3.18-150300.59.101.1 kernel-obs-qa-5.3.18-150300.59.101.1 kernel-syms-5.3.18-150300.59.101.1 kselftests-kmp-default-5.3.18-150300.59.101.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.101.1 ocfs2-kmp-default-5.3.18-150300.59.101.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.101.1 reiserfs-kmp-default-5.3.18-150300.59.101.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.101.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 dlm-kmp-preempt-5.3.18-150300.59.101.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 gfs2-kmp-preempt-5.3.18-150300.59.101.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-5.3.18-150300.59.101.1 kernel-preempt-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-debugsource-5.3.18-150300.59.101.1 kernel-preempt-devel-5.3.18-150300.59.101.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-extra-5.3.18-150300.59.101.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.101.1 kernel-preempt-optional-5.3.18-150300.59.101.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.101.1 kselftests-kmp-preempt-5.3.18-150300.59.101.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 ocfs2-kmp-preempt-5.3.18-150300.59.101.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 reiserfs-kmp-preempt-5.3.18-150300.59.101.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.101.1 kernel-debug-debuginfo-5.3.18-150300.59.101.1 kernel-debug-debugsource-5.3.18-150300.59.101.1 kernel-debug-devel-5.3.18-150300.59.101.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.101.1 kernel-debug-livepatch-devel-5.3.18-150300.59.101.1 kernel-kvmsmall-5.3.18-150300.59.101.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.101.1 
kernel-kvmsmall-debugsource-5.3.18-150300.59.101.1 kernel-kvmsmall-devel-5.3.18-150300.59.101.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.101.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.101.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 dlm-kmp-64kb-5.3.18-150300.59.101.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 dtb-al-5.3.18-150300.59.101.1 dtb-allwinner-5.3.18-150300.59.101.1 dtb-altera-5.3.18-150300.59.101.1 dtb-amd-5.3.18-150300.59.101.1 dtb-amlogic-5.3.18-150300.59.101.1 dtb-apm-5.3.18-150300.59.101.1 dtb-arm-5.3.18-150300.59.101.1 dtb-broadcom-5.3.18-150300.59.101.1 dtb-cavium-5.3.18-150300.59.101.1 dtb-exynos-5.3.18-150300.59.101.1 dtb-freescale-5.3.18-150300.59.101.1 dtb-hisilicon-5.3.18-150300.59.101.1 dtb-lg-5.3.18-150300.59.101.1 dtb-marvell-5.3.18-150300.59.101.1 dtb-mediatek-5.3.18-150300.59.101.1 dtb-nvidia-5.3.18-150300.59.101.1 dtb-qcom-5.3.18-150300.59.101.1 dtb-renesas-5.3.18-150300.59.101.1 dtb-rockchip-5.3.18-150300.59.101.1 dtb-socionext-5.3.18-150300.59.101.1 dtb-sprd-5.3.18-150300.59.101.1 dtb-xilinx-5.3.18-150300.59.101.1 dtb-zte-5.3.18-150300.59.101.1 gfs2-kmp-64kb-5.3.18-150300.59.101.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 kernel-64kb-5.3.18-150300.59.101.1 kernel-64kb-debuginfo-5.3.18-150300.59.101.1 kernel-64kb-debugsource-5.3.18-150300.59.101.1 kernel-64kb-devel-5.3.18-150300.59.101.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.101.1 kernel-64kb-extra-5.3.18-150300.59.101.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.101.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.101.1 kernel-64kb-optional-5.3.18-150300.59.101.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.101.1 kselftests-kmp-64kb-5.3.18-150300.59.101.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 ocfs2-kmp-64kb-5.3.18-150300.59.101.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 reiserfs-kmp-64kb-5.3.18-150300.59.101.1 
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.101.1 kernel-docs-5.3.18-150300.59.101.1 kernel-docs-html-5.3.18-150300.59.101.1 kernel-macros-5.3.18-150300.59.101.1 kernel-source-5.3.18-150300.59.101.1 kernel-source-vanilla-5.3.18-150300.59.101.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.101.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.101.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 kernel-default-extra-5.3.18-150300.59.101.1 kernel-default-extra-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-debugsource-5.3.18-150300.59.101.1 kernel-preempt-extra-5.3.18-150300.59.101.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 kernel-default-livepatch-5.3.18-150300.59.101.1 kernel-default-livepatch-devel-5.3.18-150300.59.101.1 kernel-livepatch-5_3_18-150300_59_101-default-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 reiserfs-kmp-default-5.3.18-150300.59.101.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.101.1 kernel-obs-build-debugsource-5.3.18-150300.59.101.1 kernel-syms-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-debugsource-5.3.18-150300.59.101.1 
kernel-preempt-devel-5.3.18-150300.59.101.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.101.1 kernel-source-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.101.1 kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 kernel-default-devel-5.3.18-150300.59.101.1 kernel-default-devel-debuginfo-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.101.1 kernel-preempt-debuginfo-5.3.18-150300.59.101.1 kernel-preempt-debugsource-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.101.1 kernel-64kb-debuginfo-5.3.18-150300.59.101.1 kernel-64kb-debugsource-5.3.18-150300.59.101.1 kernel-64kb-devel-5.3.18-150300.59.101.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.101.1 kernel-macros-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.101.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.101.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.101.1 kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.101.1 kernel-default-base-5.3.18-150300.59.101.1.150300.18.58.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 - SUSE Linux Enterprise High Availability 15-SP3 
(aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.101.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.101.1 dlm-kmp-default-5.3.18-150300.59.101.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.101.1 gfs2-kmp-default-5.3.18-150300.59.101.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debuginfo-5.3.18-150300.59.101.1 kernel-default-debugsource-5.3.18-150300.59.101.1 ocfs2-kmp-default-5.3.18-150300.59.101.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.101.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200788 
https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202638 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204382 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204754 From sle-updates at lists.suse.com Thu Nov 17 20:27:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:27:51 +0100 (CET) Subject: SUSE-SU-2022:4056-1: moderate: Security update for systemd Message-ID: <20221117202751.C5821F3D4@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4056-1 Rating: moderate References: #1204179 #1204968 Cross-References: CVE-2022-3821 CVSS scores: CVE-2022-3821 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3821 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE 
Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4056=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4056=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4056=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4056=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4056=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4056=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libsystemd0-246.16-150300.7.54.1 libsystemd0-debuginfo-246.16-150300.7.54.1 libudev1-246.16-150300.7.54.1 libudev1-debuginfo-246.16-150300.7.54.1 systemd-246.16-150300.7.54.1 systemd-container-246.16-150300.7.54.1 systemd-container-debuginfo-246.16-150300.7.54.1 systemd-debuginfo-246.16-150300.7.54.1 systemd-debugsource-246.16-150300.7.54.1 systemd-journal-remote-246.16-150300.7.54.1 systemd-journal-remote-debuginfo-246.16-150300.7.54.1 systemd-sysvinit-246.16-150300.7.54.1 udev-246.16-150300.7.54.1 udev-debuginfo-246.16-150300.7.54.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nss-mymachines-246.16-150300.7.54.1 nss-mymachines-debuginfo-246.16-150300.7.54.1 nss-resolve-246.16-150300.7.54.1 nss-resolve-debuginfo-246.16-150300.7.54.1 systemd-logger-246.16-150300.7.54.1 - openSUSE Leap 15.4 (x86_64): nss-mymachines-32bit-246.16-150300.7.54.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.54.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.54.1 libsystemd0-debuginfo-246.16-150300.7.54.1 libudev-devel-246.16-150300.7.54.1 libudev1-246.16-150300.7.54.1 libudev1-debuginfo-246.16-150300.7.54.1 nss-myhostname-246.16-150300.7.54.1 nss-myhostname-debuginfo-246.16-150300.7.54.1 nss-mymachines-246.16-150300.7.54.1 nss-mymachines-debuginfo-246.16-150300.7.54.1 nss-resolve-246.16-150300.7.54.1 
nss-resolve-debuginfo-246.16-150300.7.54.1 nss-systemd-246.16-150300.7.54.1 nss-systemd-debuginfo-246.16-150300.7.54.1 systemd-246.16-150300.7.54.1 systemd-container-246.16-150300.7.54.1 systemd-container-debuginfo-246.16-150300.7.54.1 systemd-coredump-246.16-150300.7.54.1 systemd-coredump-debuginfo-246.16-150300.7.54.1 systemd-debuginfo-246.16-150300.7.54.1 systemd-debugsource-246.16-150300.7.54.1 systemd-devel-246.16-150300.7.54.1 systemd-doc-246.16-150300.7.54.1 systemd-journal-remote-246.16-150300.7.54.1 systemd-journal-remote-debuginfo-246.16-150300.7.54.1 systemd-logger-246.16-150300.7.54.1 systemd-network-246.16-150300.7.54.1 systemd-network-debuginfo-246.16-150300.7.54.1 systemd-sysvinit-246.16-150300.7.54.1 udev-246.16-150300.7.54.1 udev-debuginfo-246.16-150300.7.54.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.54.1 libsystemd0-32bit-debuginfo-246.16-150300.7.54.1 libudev-devel-32bit-246.16-150300.7.54.1 libudev1-32bit-246.16-150300.7.54.1 libudev1-32bit-debuginfo-246.16-150300.7.54.1 nss-myhostname-32bit-246.16-150300.7.54.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.54.1 nss-mymachines-32bit-246.16-150300.7.54.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.54.1 systemd-32bit-246.16-150300.7.54.1 systemd-32bit-debuginfo-246.16-150300.7.54.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.54.1 libsystemd0-debuginfo-246.16-150300.7.54.1 libudev-devel-246.16-150300.7.54.1 libudev1-246.16-150300.7.54.1 libudev1-debuginfo-246.16-150300.7.54.1 systemd-246.16-150300.7.54.1 systemd-container-246.16-150300.7.54.1 systemd-container-debuginfo-246.16-150300.7.54.1 systemd-coredump-246.16-150300.7.54.1 systemd-coredump-debuginfo-246.16-150300.7.54.1 systemd-debuginfo-246.16-150300.7.54.1 systemd-debugsource-246.16-150300.7.54.1 systemd-devel-246.16-150300.7.54.1 systemd-doc-246.16-150300.7.54.1 
systemd-journal-remote-246.16-150300.7.54.1 systemd-journal-remote-debuginfo-246.16-150300.7.54.1 systemd-sysvinit-246.16-150300.7.54.1 udev-246.16-150300.7.54.1 udev-debuginfo-246.16-150300.7.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.54.1 libsystemd0-32bit-debuginfo-246.16-150300.7.54.1 libudev1-32bit-246.16-150300.7.54.1 libudev1-32bit-debuginfo-246.16-150300.7.54.1 systemd-32bit-246.16-150300.7.54.1 systemd-32bit-debuginfo-246.16-150300.7.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.54.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.54.1 libsystemd0-debuginfo-246.16-150300.7.54.1 libudev1-246.16-150300.7.54.1 libudev1-debuginfo-246.16-150300.7.54.1 systemd-246.16-150300.7.54.1 systemd-container-246.16-150300.7.54.1 systemd-container-debuginfo-246.16-150300.7.54.1 systemd-debuginfo-246.16-150300.7.54.1 systemd-debugsource-246.16-150300.7.54.1 systemd-journal-remote-246.16-150300.7.54.1 systemd-journal-remote-debuginfo-246.16-150300.7.54.1 systemd-sysvinit-246.16-150300.7.54.1 udev-246.16-150300.7.54.1 udev-debuginfo-246.16-150300.7.54.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.54.1 libsystemd0-debuginfo-246.16-150300.7.54.1 libudev1-246.16-150300.7.54.1 libudev1-debuginfo-246.16-150300.7.54.1 systemd-246.16-150300.7.54.1 systemd-container-246.16-150300.7.54.1 systemd-container-debuginfo-246.16-150300.7.54.1 systemd-debuginfo-246.16-150300.7.54.1 systemd-debugsource-246.16-150300.7.54.1 systemd-journal-remote-246.16-150300.7.54.1 systemd-journal-remote-debuginfo-246.16-150300.7.54.1 systemd-sysvinit-246.16-150300.7.54.1 udev-246.16-150300.7.54.1 udev-debuginfo-246.16-150300.7.54.1 References: https://www.suse.com/security/cve/CVE-2022-3821.html https://bugzilla.suse.com/1204179 https://bugzilla.suse.com/1204968 From sle-updates at lists.suse.com Thu Nov 17 20:28:45 2022 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:28:45 +0100 (CET) Subject: SUSE-SU-2022:4057-1: Security update for python-Twisted Message-ID: <20221117202845.EBB4FF3D4@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4057-1 Rating: low References: #1204781 Cross-References: CVE-2022-39348 CVSS scores: CVE-2022-39348 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-39348 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4057=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4057=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4057=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4057=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.18.1 python-Twisted-debugsource-19.10.0-150200.3.18.1 python3-Twisted-debuginfo-19.10.0-150200.3.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.18.1 python-Twisted-debugsource-19.10.0-150200.3.18.1 python-Twisted-doc-19.10.0-150200.3.18.1 python2-Twisted-19.10.0-150200.3.18.1 python2-Twisted-debuginfo-19.10.0-150200.3.18.1 python3-Twisted-19.10.0-150200.3.18.1 python3-Twisted-debuginfo-19.10.0-150200.3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.18.1 python-Twisted-debugsource-19.10.0-150200.3.18.1 python3-Twisted-19.10.0-150200.3.18.1 python3-Twisted-debuginfo-19.10.0-150200.3.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-150200.3.18.1 python3-Twisted-19.10.0-150200.3.18.1 python3-Twisted-debuginfo-19.10.0-150200.3.18.1 References: https://www.suse.com/security/cve/CVE-2022-39348.html https://bugzilla.suse.com/1204781 From sle-updates at lists.suse.com Thu Nov 17 20:29:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:29:29 +0100 (CET) Subject: SUSE-OU-2022:4059-1: moderate: Optional update for ssg-apply Message-ID: <20221117202929.5DA88F3D4@maintenance.suse.de> SUSE Optional Update: Optional 
update for ssg-apply
______________________________________________________________________________

Announcement ID: SUSE-OU-2022:4059-1
Rating: moderate
References: SLE-20927
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 optional fixes and contains one feature can now be installed.

Description:

This update for ssg-apply fixes the following issues:

This package contains a systemd service that can be run on boot and detects and/or mitigates hardening issues from the scap-security-guide, aka ComplianceAsCode.

The behaviour can be configured in the config file /etc/ssg-apply/default.conf

Options:

- "profile" ... Which SCAP XCCDF profile to use. The default is "stig" for the SUSE supported DISA stig profile. Other profiles from the scap-security-guide can also be selected, like "cis", "hipaa", "pci-dss" and others.
- "remediate" ... Whether to have the service immediately fix the issues. The default is "off"; to enable automatic remediation, use "on".
- "tailoring-file" ... The default is "" (none). A tailoring file is an XML configuration file that can be used to select or deselect rules to check or remediate.

The service can be enabled with:

* systemctl enable ssg-apply.service

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4059=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4059=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ssg-apply-1.0-150000.1.3.1 ssg-apply-debugsource-1.0-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ssg-apply-1.0-150000.1.3.1 ssg-apply-debugsource-1.0-150000.1.3.1 References: From sle-updates at lists.suse.com Thu Nov 17 20:30:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Nov 2022 21:30:11 +0100 (CET) Subject: SUSE-SU-2022:4055-1: Security update for go1.18 Message-ID: <20221117203011.96DEDF3D4@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4055-1 Rating: low References: #1193742 #1204941 Cross-References: CVE-2022-41716 CVSS scores: CVE-2022-41716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41716 (SUSE): 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for go1.18 fixes the following issues: Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count" fatal error when cgo is enabled (go#56308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4055=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4055=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4055=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4055=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): 
go1.18-race-1.18.8-150000.1.37.1 References: https://www.suse.com/security/cve/CVE-2022-41716.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1204941 From sle-updates at lists.suse.com Fri Nov 18 08:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:21:07 +0100 (CET) Subject: SUSE-RU-2022:4061-1: important: Recommended update for sapconf Message-ID: <20221118082107.1F67CF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4061-1 Rating: important References: #1190736 #1190787 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager 
Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Adapt check of an active saptune service during the initial package installation to work in a chroot environment and fix the missing enablement of sapconf (bsc#1190736, bsc#1190787) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4061=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4061=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4061=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4061=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4061=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4061=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4061=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4061=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4061=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4061=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4061=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4061=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4061=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4061=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4061=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4061=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4061=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4061=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (noarch): sapconf-5.0.5-150000.7.24.1 - openSUSE Leap 15.3 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Manager Server 4.1 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Manager Retail Branch Server 4.1 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Manager Proxy 4.1 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Enterprise Storage 7 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE Enterprise Storage 6 (noarch): sapconf-5.0.5-150000.7.24.1 - SUSE CaaS Platform 4.0 (noarch): sapconf-5.0.5-150000.7.24.1 References: 
https://bugzilla.suse.com/1190736 https://bugzilla.suse.com/1190787 From sle-updates at lists.suse.com Fri Nov 18 08:22:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:22:38 +0100 (CET) Subject: SUSE-RU-2022:4060-1: important: Recommended update for sapconf Message-ID: <20221118082238.3CE5BF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4060-1 Rating: important References: #1190736 #1190787 Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Adapt check of an active saptune service during the initial package installation to work in a chroot environment and fix the missing enablement of sapconf (bsc#1190736, bsc#1190787) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4060=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4060=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4060=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4060=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4060=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4060=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): sapconf-5.0.5-40.74.1 - SUSE OpenStack Cloud 9 (noarch): sapconf-5.0.5-40.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sapconf-5.0.5-40.74.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): sapconf-5.0.5-40.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): sapconf-5.0.5-40.74.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): sapconf-5.0.5-40.74.1 References: https://bugzilla.suse.com/1190736 https://bugzilla.suse.com/1190787 From sle-updates at lists.suse.com Fri Nov 18 08:22:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:22:39 +0100 (CET) Subject: SUSE-CU-2022:3020-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221118082239.84CA3F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3020-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.34 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.34 Severity : important Type : security References : 1202344 1204179 1204968 1204986 CVE-2022-3821 CVE-2022-43995 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was 
updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4001-1
Released: Tue Nov 15 17:08:52 2022
Summary: Security update for sudo
Type: security
Severity: important
References: 1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) The following package changes have been done: - libapparmor1-3.0.4-150400.5.3.1 updated - sudo-1.9.9-150400.4.6.1 updated - systemd-249.12-150400.8.13.1 updated From sle-updates at lists.suse.com Fri Nov 18 08:31:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:31:43 +0100 (CET) Subject: SUSE-CU-2022:3021-1: Security update of bci/bci-init Message-ID: <20221118083143.CFD16F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3021-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.48 Container Release : 21.48 Severity : moderate Type : security References : 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
The following package changes have been done: - libsystemd0-246.16-150300.7.54.1 updated - libudev1-246.16-150300.7.54.1 updated - systemd-246.16-150300.7.54.1 updated - udev-246.16-150300.7.54.1 updated - container:sles15-image-15.0.0-17.20.69 updated From sle-updates at lists.suse.com Fri Nov 18 08:39:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:39:38 +0100 (CET) Subject: SUSE-CU-2022:3022-1: Security update of bci/nodejs Message-ID: <20221118083938.258F7F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3022-1 Container Tags : bci/node:12 , bci/node:12-17.59 , bci/nodejs:12 , bci/nodejs:12-17.59 Container Release : 17.59 Severity : moderate Type : security References : 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
The following package changes have been done: - libsystemd0-246.16-150300.7.54.1 updated - libudev1-246.16-150300.7.54.1 updated From sle-updates at lists.suse.com Fri Nov 18 08:46:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:46:52 +0100 (CET) Subject: SUSE-CU-2022:3023-1: Security update of bci/python Message-ID: <20221118084652.075A0F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3023-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.32 Container Release : 20.32 Severity : moderate Type : security References : 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
The following package changes have been done: - libsystemd0-246.16-150300.7.54.1 updated - libudev1-246.16-150300.7.54.1 updated - container:sles15-image-15.0.0-17.20.69 updated From sle-updates at lists.suse.com Fri Nov 18 08:49:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:49:28 +0100 (CET) Subject: SUSE-CU-2022:3024-1: Security update of bci/golang Message-ID: <20221118084928.29216F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3024-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.31 Container Release : 18.31 Severity : moderate Type : security References : 1193742 1204179 1204941 1204968 CVE-2022-3821 CVE-2022-41716 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4055-1
Released: Thu Nov 17 15:37:24 2022
Summary: Security update for go1.18
Type: security
Severity: low
References: 1193742,1204941,CVE-2022-41716

This update for go1.18 fixes the following issues:

Update to go 1.18.8 (released 2022-11-01) (bsc#1193742):

Security fixes:

- CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941).

Bugfixes:

- runtime: lock count' fatal error when cgo is enabled (go#56308).
The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - go1.18-1.18.8-150000.1.37.1 updated - container:sles15-image-15.0.0-27.14.14 updated From sle-updates at lists.suse.com Fri Nov 18 08:51:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:51:15 +0100 (CET) Subject: SUSE-CU-2022:3025-1: Security update of bci/golang Message-ID: <20221118085115.8093CF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3025-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.29 , bci/golang:latest Container Release : 18.29 Severity : important Type : security References : 1200441 1201959 1203652 1204179 1204211 1204941 1204968 CVE-2022-3821 CVE-2022-41716 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. 
Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4054-1
Released: Thu Nov 17 15:36:58 2022
Summary: Security update for go1.19
Type: security
Severity: low
References: 1200441,1204941,CVE-2022-41716

This update for go1.19 fixes the following issues:

Update to go 1.19.3 (released 2022-11-01) (bsc#1200441):

Security fixes:

- CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941).

Bugfixes:

- runtime: lock count' fatal error when cgo is enabled (go#56308).
- cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168).
- internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106).
The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - go1.19-1.19.3-150000.1.15.1 updated - container:sles15-image-15.0.0-27.14.14 updated From sle-updates at lists.suse.com Fri Nov 18 08:53:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:53:17 +0100 (CET) Subject: SUSE-CU-2022:3026-1: Recommended update of bci/bci-init Message-ID: <20221118085317.ADFEBF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3026-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.30 , bci/bci-init:latest Container Release : 24.30 Severity : low Type : recommended References : 1202344 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) The following package changes have been done: - libapparmor1-3.0.4-150400.5.3.1 updated From sle-updates at lists.suse.com Fri Nov 18 08:57:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:57:01 +0100 (CET) Subject: SUSE-CU-2022:3027-1: Security update of bci/openjdk-devel Message-ID: <20221118085701.CD2BDF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3027-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.63 , bci/openjdk-devel:latest Container Release : 36.63 Severity : moderate Type : security References : 1203459 1204179 1204422 1204425 1204968 CVE-2022-3554 CVE-2022-3555 CVE-2022-36033 CVE-2022-3821 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3986-1 Released: Tue Nov 15 12:57:41 2022 Summary: Security update for libX11 Type: security Severity: moderate References: 1204422,1204425,CVE-2022-3554,CVE-2022-3555 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4011-1 Released: Wed Nov 16 11:29:09 2022 Summary: Security update for jsoup Type: security Severity: moderate References: 1203459,CVE-2022-36033 This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). 
The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libX11-data-1.6.5-150000.3.24.1 updated - libX11-6-1.6.5-150000.3.24.1 updated - jsoup-1.15.3-150200.3.6.1 updated - container:bci-openjdk-11-15.4-32.29 updated From sle-updates at lists.suse.com Fri Nov 18 08:59:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 09:59:50 +0100 (CET) Subject: SUSE-CU-2022:3028-1: Security update of suse/pcp Message-ID: <20221118085950.CDE7CF3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3028-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.70 , suse/pcp:latest Container Release : 11.70 Severity : moderate Type : security References : 1199062 1202344 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4041-1 Released: Thu Nov 17 04:55:47 2022 Summary: Recommended update for libuv Type: recommended Severity: moderate References: 1199062 This update for libuv fixes the following issues: - Remove epoll syscall wrappers. 
(bsc#1199062) The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libapparmor1-3.0.4-150400.5.3.1 updated - systemd-249.12-150400.8.13.1 updated - libuv1-1.18.0-150400.11.3.1 updated - container:bci-bci-init-15.4-15.4-24.30 updated From sle-updates at lists.suse.com Fri Nov 18 09:02:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 10:02:01 +0100 (CET) Subject: SUSE-CU-2022:3029-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221118090201.579D8F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3029-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.315 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.315 Severity : moderate Type : security References : 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
The following package changes have been done: - systemd-246.16-150300.7.54.1 updated - udev-246.16-150300.7.54.1 updated From sle-updates at lists.suse.com Fri Nov 18 09:10:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 10:10:15 +0100 (CET) Subject: SUSE-CU-2022:3031-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221118091015.CDD07F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3031-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.136 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.136 Severity : moderate Type : security References : 1204179 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
The following package changes have been done: - systemd-246.16-150300.7.54.1 updated - udev-246.16-150300.7.54.1 updated From sle-updates at lists.suse.com Fri Nov 18 09:10:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 10:10:52 +0100 (CET) Subject: SUSE-CU-2022:3032-1: Security update of trento/trento-db Message-ID: <20221118091052.1DB74F3CC@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3032-1 Container Tags : trento/trento-db:14.5 , trento/trento-db:14.5-rev1.0.0 , trento/trento-db:14.5-rev1.0.0-build2.2.168 , trento/trento-db:latest Container Release : 2.2.168 Severity : important Type : security References : 1087072 1164384 1193951 1195059 1195463 1196850 1198166 1199235 1199524 1200437 1200485 1201942 1202368 1203438 1204111 1204112 1204113 1204708 CVE-2019-20454 CVE-2020-21913 CVE-2022-1587 CVE-2022-1706 CVE-2022-2625 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-43680 ----------------------------------------------------------------- The container trento/trento-db was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2989-1 Released: Thu Sep 1 14:24:28 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1198166,1200437,1202368,CVE-2022-2625 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). 
- Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). 
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). The following package changes have been done: - glibc-locale-base-2.31-150300.41.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libpq5-14.5-150200.5.17.1 updated - systemd-presets-common-SUSE-15-150100.8.17.1 updated - glibc-locale-2.31-150300.41.1 updated - libicu-suse65_1-65.1-150200.4.5.1 updated - postgresql14-14.5-150200.5.17.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - systemd-246.16-150300.7.51.1 updated - udev-246.16-150300.7.51.1 updated - postgresql14-server-14.5-150200.5.17.1 updated From sle-updates at lists.suse.com Fri Nov 18 09:11:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 10:11:33 +0100 (CET) Subject: SUSE-CU-2022:3033-1: Security update of trento/trento-runner Message-ID: <20221118091133.76416F3CC@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3033-1 Container Tags : trento/trento-runner:1.1.0 , trento/trento-runner:1.1.0-build4.19.1 , trento/trento-runner:latest Container Release : 
4.19.1 Severity : important Type : security References : 1182345 1192439 1195916 1196696 1199140 1200657 1201942 1202436 1202498 1202498 1202624 1203438 1204145 1204708 CVE-2020-29651 CVE-2021-28861 CVE-2022-40674 CVE-2022-43680 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:07 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). 
- Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bump the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2943-1 Released: Tue Aug 30 15:42:16 2022 Summary: Recommended update for python-iniconfig Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3028-1 Released: Mon Sep 5 16:31:24 2022 Summary: Recommended update for python-pytz Type: recommended Severity: low References: This update for python-pytz fixes the following issues: - update to 2022.1: matches tzdata 2022a - declare python 3.10 compatibility ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3156-1 Released: Wed Sep 7 14:32:26 2022 Summary: Recommended update for go1.16 Type: recommended Severity: moderate References: 1182345 
This update for go1.16 fixes the following issues: - Bootstrap using Go 1.12 on SUSE Linux Enterprise 15 and newer and Go 1.11 elsewhere (bsc#1182345) - Bootstrap using gcc-go any version ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: The following package changes have been done: - libatomic1-11.3.0+git1637-150000.1.11.2 updated - libgomp1-11.3.0+git1637-150000.1.11.2 updated - libitm1-11.3.0+git1637-150000.1.11.2 updated - liblsan0-11.3.0+git1637-150000.1.11.2 updated - libtsan0-11.3.0+git1637-150000.1.11.2 updated - tar-1.34-150000.3.18.1 updated - glibc-devel-2.31-150300.41.1 updated - go1.16-1.16.15-150000.1.49.1 updated - libexpat1-2.2.5-150000.3.25.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - python3-base-3.6.15-150300.10.30.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - openssh-fips-8.4p1-150300.3.12.2 updated - python3-3.6.15-150300.10.30.1 updated - openssh-server-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - python3-rpm-4.14.3-150300.49.1 updated - python3-pytz-2022.1-150300.3.6.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 added - python3-apipkg-1.4-150000.3.4.1 added - openssh-8.4p1-150300.3.12.2 updated - python3-py-1.10.0-150000.5.9.2 updated From sle-updates at lists.suse.com Fri Nov 18 09:12:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 10:12:03 +0100 (CET) Subject: SUSE-CU-2022:3034-1: Recommended update of trento/trento-web Message-ID: <20221118091203.69CE8F3CC@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3034-1 Container Tags : trento/trento-web:1.2.0 , trento/trento-web:1.2.0-build4.18.1 , trento/trento-web:latest Container Release : 4.18.1 Severity : important Type : recommended References : 1200657 1202436 
----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - tar-1.34-150000.3.18.1 updated From sle-updates at lists.suse.com Fri Nov 18 11:22:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 12:22:27 +0100 (CET) Subject: SUSE-RU-2022:4062-1: moderate: Recommended update for libusb-1_0 Message-ID: <20221118112227.C91B8F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libusb-1_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4062-1 Rating: moderate References: #1201590 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4062=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4062=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4062=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4062=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libusb-1_0-0-1.0.24-150400.3.3.1 libusb-1_0-0-debuginfo-1.0.24-150400.3.3.1 libusb-1_0-debugsource-1.0.24-150400.3.3.1 libusb-1_0-devel-1.0.24-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libusb-1_0-0-32bit-1.0.24-150400.3.3.1 libusb-1_0-0-32bit-debuginfo-1.0.24-150400.3.3.1 libusb-1_0-devel-32bit-1.0.24-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): libusb-1_0-0-32bit-1.0.24-150400.3.3.1 libusb-1_0-0-32bit-debuginfo-1.0.24-150400.3.3.1 libusb-1_0-debugsource-1.0.24-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libusb-1_0-0-1.0.24-150400.3.3.1 libusb-1_0-0-debuginfo-1.0.24-150400.3.3.1 libusb-1_0-debugsource-1.0.24-150400.3.3.1 libusb-1_0-devel-1.0.24-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libusb-1_0-0-1.0.24-150400.3.3.1 libusb-1_0-0-debuginfo-1.0.24-150400.3.3.1 libusb-1_0-debugsource-1.0.24-150400.3.3.1 References: https://bugzilla.suse.com/1201590 
From sle-updates at lists.suse.com Fri Nov 18 11:23:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 12:23:59 +0100 (CET) Subject: SUSE-RU-2022:4063-1: moderate: Recommended update for hwdata Message-ID: <20221118112359.200B6F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4063-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 
openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4063=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4063=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4063=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-4063=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4063=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4063=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4063=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4063=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4063=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4063=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4063=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-4063=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-4063=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4063=1 - SUSE Linux Enterprise 
Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4063=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-4063=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4063=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4063=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4063=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4063=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4063=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4063=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4063=1 Package List: - openSUSE Leap Micro 5.2 (noarch): hwdata-0.363-150000.3.51.1 - openSUSE Leap 15.4 (noarch): hwdata-0.363-150000.3.51.1 - openSUSE Leap 15.3 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Manager Tools 15 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Manager Server 4.1 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Manager Retail Branch Server 4.1 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Manager Proxy 4.1 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for 
SUSE Manager Proxy 4.3 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Micro 5.3 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise Micro 5.2 (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): hwdata-0.363-150000.3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): hwdata-0.363-150000.3.51.1 - SUSE Enterprise Storage 7 (noarch): hwdata-0.363-150000.3.51.1 References: From sle-updates at lists.suse.com Fri Nov 18 14:22:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 15:22:47 +0100 (CET) Subject: SUSE-SU-2022:4067-1: important: Security update for php7 Message-ID: <20221118142247.E4F5AF3D4@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4067-1 Rating: important References: #1204577 SLE-23639 Cross-References: CVE-2015-9253 CVE-2017-8923 CVE-2017-9120 CVE-2018-1000222 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 
CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454 CVSS scores: CVE-2015-9253 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-9253 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-8923 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-9120 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9120 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-1000222 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000222 (SUSE): 7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-12882 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-12882 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-14851 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-14851 (SUSE): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-17082 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-17082 (SUSE): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-19935 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-19935 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-20783 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20783 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-11034 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11034 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11035 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11035 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11036 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11036 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11039 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11039 (SUSE): 4 
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-11040 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11040 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-11041 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2019-11041 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-11042 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2019-11042 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2019-11043 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-11043 (SUSE): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-11045 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-11045 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-11046 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-11046 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-11047 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11047 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11048 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-11050 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-11050 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-9020 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9020 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-9021 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9021 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-9022 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9022 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-9023 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9023 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-9024 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9024 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-9637 (NVD) 
: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9637 (SUSE): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-9638 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9638 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-9640 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9640 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-9641 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9641 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2019-9675 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9675 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-7059 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2020-7059 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-7060 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2020-7060 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-7062 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-7062 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-7063 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-7063 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-7064 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-7064 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-7066 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-7066 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-7068 (NVD) : 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2020-7068 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-7069 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-7069 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-7070 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-7070 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-7071 (NVD) : 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-7071 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-21702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-21704 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21705 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-21705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-31625 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE 
Leap 15.4 ______________________________________________________________________________ An update that fixes 52 vulnerabilities, contains one feature is now available. Description: This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow (bsc#1204577). - Fix integer overflow in PHP_SHA3##bits (bsc#1204577#c26). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4067=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4067=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4067=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4067=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4067=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4067=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4067=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4067=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4067=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4067=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4067=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 
php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 
php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 
php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 
php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 
php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 
php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 
php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 
php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 
php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 
php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 
php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 
php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 
php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 
php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 
php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 
php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 
php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 
php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 
apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 
php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 php7-zip-7.2.34-150000.4.103.1 php7-zip-debuginfo-7.2.34-150000.4.103.1 php7-zlib-7.2.34-150000.4.103.1 php7-zlib-debuginfo-7.2.34-150000.4.103.1 - SUSE Enterprise 
Storage 6 (noarch): php7-pear-7.2.34-150000.4.103.1 php7-pear-Archive_Tar-7.2.34-150000.4.103.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.34-150000.4.103.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.103.1 php7-7.2.34-150000.4.103.1 php7-bcmath-7.2.34-150000.4.103.1 php7-bcmath-debuginfo-7.2.34-150000.4.103.1 php7-bz2-7.2.34-150000.4.103.1 php7-bz2-debuginfo-7.2.34-150000.4.103.1 php7-calendar-7.2.34-150000.4.103.1 php7-calendar-debuginfo-7.2.34-150000.4.103.1 php7-ctype-7.2.34-150000.4.103.1 php7-ctype-debuginfo-7.2.34-150000.4.103.1 php7-curl-7.2.34-150000.4.103.1 php7-curl-debuginfo-7.2.34-150000.4.103.1 php7-dba-7.2.34-150000.4.103.1 php7-dba-debuginfo-7.2.34-150000.4.103.1 php7-debuginfo-7.2.34-150000.4.103.1 php7-debugsource-7.2.34-150000.4.103.1 php7-devel-7.2.34-150000.4.103.1 php7-dom-7.2.34-150000.4.103.1 php7-dom-debuginfo-7.2.34-150000.4.103.1 php7-enchant-7.2.34-150000.4.103.1 php7-enchant-debuginfo-7.2.34-150000.4.103.1 php7-exif-7.2.34-150000.4.103.1 php7-exif-debuginfo-7.2.34-150000.4.103.1 php7-fastcgi-7.2.34-150000.4.103.1 php7-fastcgi-debuginfo-7.2.34-150000.4.103.1 php7-fileinfo-7.2.34-150000.4.103.1 php7-fileinfo-debuginfo-7.2.34-150000.4.103.1 php7-fpm-7.2.34-150000.4.103.1 php7-fpm-debuginfo-7.2.34-150000.4.103.1 php7-ftp-7.2.34-150000.4.103.1 php7-ftp-debuginfo-7.2.34-150000.4.103.1 php7-gd-7.2.34-150000.4.103.1 php7-gd-debuginfo-7.2.34-150000.4.103.1 php7-gettext-7.2.34-150000.4.103.1 php7-gettext-debuginfo-7.2.34-150000.4.103.1 php7-gmp-7.2.34-150000.4.103.1 php7-gmp-debuginfo-7.2.34-150000.4.103.1 php7-iconv-7.2.34-150000.4.103.1 php7-iconv-debuginfo-7.2.34-150000.4.103.1 php7-intl-7.2.34-150000.4.103.1 php7-intl-debuginfo-7.2.34-150000.4.103.1 php7-json-7.2.34-150000.4.103.1 php7-json-debuginfo-7.2.34-150000.4.103.1 php7-ldap-7.2.34-150000.4.103.1 php7-ldap-debuginfo-7.2.34-150000.4.103.1 php7-mbstring-7.2.34-150000.4.103.1 php7-mbstring-debuginfo-7.2.34-150000.4.103.1 php7-mysql-7.2.34-150000.4.103.1 
php7-mysql-debuginfo-7.2.34-150000.4.103.1 php7-odbc-7.2.34-150000.4.103.1 php7-odbc-debuginfo-7.2.34-150000.4.103.1 php7-opcache-7.2.34-150000.4.103.1 php7-opcache-debuginfo-7.2.34-150000.4.103.1 php7-openssl-7.2.34-150000.4.103.1 php7-openssl-debuginfo-7.2.34-150000.4.103.1 php7-pcntl-7.2.34-150000.4.103.1 php7-pcntl-debuginfo-7.2.34-150000.4.103.1 php7-pdo-7.2.34-150000.4.103.1 php7-pdo-debuginfo-7.2.34-150000.4.103.1 php7-pgsql-7.2.34-150000.4.103.1 php7-pgsql-debuginfo-7.2.34-150000.4.103.1 php7-phar-7.2.34-150000.4.103.1 php7-phar-debuginfo-7.2.34-150000.4.103.1 php7-posix-7.2.34-150000.4.103.1 php7-posix-debuginfo-7.2.34-150000.4.103.1 php7-readline-7.2.34-150000.4.103.1 php7-readline-debuginfo-7.2.34-150000.4.103.1 php7-shmop-7.2.34-150000.4.103.1 php7-shmop-debuginfo-7.2.34-150000.4.103.1 php7-snmp-7.2.34-150000.4.103.1 php7-snmp-debuginfo-7.2.34-150000.4.103.1 php7-soap-7.2.34-150000.4.103.1 php7-soap-debuginfo-7.2.34-150000.4.103.1 php7-sockets-7.2.34-150000.4.103.1 php7-sockets-debuginfo-7.2.34-150000.4.103.1 php7-sodium-7.2.34-150000.4.103.1 php7-sodium-debuginfo-7.2.34-150000.4.103.1 php7-sqlite-7.2.34-150000.4.103.1 php7-sqlite-debuginfo-7.2.34-150000.4.103.1 php7-sysvmsg-7.2.34-150000.4.103.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.103.1 php7-sysvsem-7.2.34-150000.4.103.1 php7-sysvsem-debuginfo-7.2.34-150000.4.103.1 php7-sysvshm-7.2.34-150000.4.103.1 php7-sysvshm-debuginfo-7.2.34-150000.4.103.1 php7-tidy-7.2.34-150000.4.103.1 php7-tidy-debuginfo-7.2.34-150000.4.103.1 php7-tokenizer-7.2.34-150000.4.103.1 php7-tokenizer-debuginfo-7.2.34-150000.4.103.1 php7-wddx-7.2.34-150000.4.103.1 php7-wddx-debuginfo-7.2.34-150000.4.103.1 php7-xmlreader-7.2.34-150000.4.103.1 php7-xmlreader-debuginfo-7.2.34-150000.4.103.1 php7-xmlrpc-7.2.34-150000.4.103.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.103.1 php7-xmlwriter-7.2.34-150000.4.103.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.103.1 php7-xsl-7.2.34-150000.4.103.1 php7-xsl-debuginfo-7.2.34-150000.4.103.1 
      php7-zip-7.2.34-150000.4.103.1
      php7-zip-debuginfo-7.2.34-150000.4.103.1
      php7-zlib-7.2.34-150000.4.103.1
      php7-zlib-debuginfo-7.2.34-150000.4.103.1

   - SUSE CaaS Platform 4.0 (noarch):

      php7-pear-7.2.34-150000.4.103.1
      php7-pear-Archive_Tar-7.2.34-150000.4.103.1

References:

   https://www.suse.com/security/cve/CVE-2015-9253.html
   https://www.suse.com/security/cve/CVE-2017-8923.html
   https://www.suse.com/security/cve/CVE-2017-9120.html
   https://www.suse.com/security/cve/CVE-2018-1000222.html
   https://www.suse.com/security/cve/CVE-2018-12882.html
   https://www.suse.com/security/cve/CVE-2018-14851.html
   https://www.suse.com/security/cve/CVE-2018-17082.html
   https://www.suse.com/security/cve/CVE-2018-19935.html
   https://www.suse.com/security/cve/CVE-2018-20783.html
   https://www.suse.com/security/cve/CVE-2019-11034.html
   https://www.suse.com/security/cve/CVE-2019-11035.html
   https://www.suse.com/security/cve/CVE-2019-11036.html
   https://www.suse.com/security/cve/CVE-2019-11039.html
   https://www.suse.com/security/cve/CVE-2019-11040.html
   https://www.suse.com/security/cve/CVE-2019-11041.html
   https://www.suse.com/security/cve/CVE-2019-11042.html
   https://www.suse.com/security/cve/CVE-2019-11043.html
   https://www.suse.com/security/cve/CVE-2019-11045.html
   https://www.suse.com/security/cve/CVE-2019-11046.html
   https://www.suse.com/security/cve/CVE-2019-11047.html
   https://www.suse.com/security/cve/CVE-2019-11048.html
   https://www.suse.com/security/cve/CVE-2019-11050.html
   https://www.suse.com/security/cve/CVE-2019-9020.html
   https://www.suse.com/security/cve/CVE-2019-9021.html
   https://www.suse.com/security/cve/CVE-2019-9022.html
   https://www.suse.com/security/cve/CVE-2019-9023.html
   https://www.suse.com/security/cve/CVE-2019-9024.html
   https://www.suse.com/security/cve/CVE-2019-9637.html
   https://www.suse.com/security/cve/CVE-2019-9638.html
   https://www.suse.com/security/cve/CVE-2019-9640.html
   https://www.suse.com/security/cve/CVE-2019-9641.html
   https://www.suse.com/security/cve/CVE-2019-9675.html
   https://www.suse.com/security/cve/CVE-2020-7059.html
   https://www.suse.com/security/cve/CVE-2020-7060.html
   https://www.suse.com/security/cve/CVE-2020-7062.html
   https://www.suse.com/security/cve/CVE-2020-7063.html
   https://www.suse.com/security/cve/CVE-2020-7064.html
   https://www.suse.com/security/cve/CVE-2020-7066.html
   https://www.suse.com/security/cve/CVE-2020-7068.html
   https://www.suse.com/security/cve/CVE-2020-7069.html
   https://www.suse.com/security/cve/CVE-2020-7070.html
   https://www.suse.com/security/cve/CVE-2020-7071.html
   https://www.suse.com/security/cve/CVE-2021-21702.html
   https://www.suse.com/security/cve/CVE-2021-21703.html
   https://www.suse.com/security/cve/CVE-2021-21704.html
   https://www.suse.com/security/cve/CVE-2021-21705.html
   https://www.suse.com/security/cve/CVE-2021-21707.html
   https://www.suse.com/security/cve/CVE-2022-31625.html
   https://www.suse.com/security/cve/CVE-2022-31626.html
   https://www.suse.com/security/cve/CVE-2022-31628.html
   https://www.suse.com/security/cve/CVE-2022-31629.html
   https://www.suse.com/security/cve/CVE-2022-37454.html
   https://bugzilla.suse.com/1204577

From sle-updates at lists.suse.com Fri Nov 18 14:24:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Nov 2022 15:24:28 +0100 (CET)
Subject: SUSE-RU-2022:4065-1: important: Recommended update for timezone
Message-ID: <20221118142428.EB283F3D4@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:4065-1
Rating:             important
References:         #1177460 #1202324 #1204649 #1205156
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for timezone fixes the following issues:

   Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

   - Mexico will no longer observe DST except near the US border
   - Chihuahua moves to year-round -06 on 2022-10-30
   - Fiji no longer observes DST
   - In vanguard form, GMT is now a Zone and Etc/GMT a link
   - zic now supports links to links, and vanguard form uses this
   - Simplify four Ontario zones
   - Fix a Y2438 bug when reading TZif data
   - Enable 64-bit time_t on 32-bit glibc platforms
   - Omit large-file support when no longer needed
   - Jordan and Syria switch from +02/+03 with DST to year-round +03
   - Palestine transitions are now Saturdays at 02:00
   - Simplify three Ukraine zones into one
   - Work around awk bug
   - Improve tzselect on intercontinental Zones
   - Chile's DST is delayed by a week in September 2022 (bsc#1202324)
   - Iran no longer observes DST after 2022
   - Rename Europe/Kiev to Europe/Kyiv
   - New `zic -R` command option
   - Vanguard form now uses %z

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4065=1

- SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4065=1

- SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4065=1

- SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4065=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4065=1

- SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4065=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4065=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE OpenStack Cloud Crowbar 9 (noarch):
      timezone-java-2022f-74.66.1

- SUSE OpenStack Cloud 9 (x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE OpenStack Cloud 9 (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      timezone-java-2022f-74.66.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      timezone-2022f-74.66.1
      timezone-debuginfo-2022f-74.66.1
      timezone-debugsource-2022f-74.66.1

References:

https://bugzilla.suse.com/1177460
https://bugzilla.suse.com/1202324
https://bugzilla.suse.com/1204649
https://bugzilla.suse.com/1205156

From sle-updates at lists.suse.com Fri Nov 18 14:25:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Nov 2022 15:25:35 +0100 (CET)
Subject: SUSE-SU-2022:4068-1: important: Security update for php74
Message-ID: <20221118142535.0422BF3D4@maintenance.suse.de>

SUSE Security Update: Security update for php74
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4068-1
Rating: important
References: #1203867 #1203870 #1204577 #1204979 SLE-23639
Cross-References: CVE-2017-8923 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454
CVSS scores:
CVE-2017-8923 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-7068 (NVD) : 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2020-7068 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-7069 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-7069 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-7070 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2020-7070 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2020-7071 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2020-7071 (SUSE): 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21704 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21705 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21708 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-31625 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2022-31630 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-31630 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE
Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes 18 vulnerabilities and contains one feature is now available.

Description:

This update for php74 fixes the following issues:

- Version update to 7.4.33:
  - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
  - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).

- Version update to 7.4.32 (jsc#SLE-23639)
  - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867)
  - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the victim's browser. (bsc#1203870)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4068=1

- SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4068=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      php74-debuginfo-7.4.33-1.47.2
      php74-debugsource-7.4.33-1.47.2
      php74-devel-7.4.33-1.47.2

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php74-7.4.33-1.47.2
      apache2-mod_php74-debuginfo-7.4.33-1.47.2
      php74-7.4.33-1.47.2
      php74-bcmath-7.4.33-1.47.2
      php74-bcmath-debuginfo-7.4.33-1.47.2
      php74-bz2-7.4.33-1.47.2
      php74-bz2-debuginfo-7.4.33-1.47.2
      php74-calendar-7.4.33-1.47.2
      php74-calendar-debuginfo-7.4.33-1.47.2
      php74-ctype-7.4.33-1.47.2
      php74-ctype-debuginfo-7.4.33-1.47.2
      php74-curl-7.4.33-1.47.2
      php74-curl-debuginfo-7.4.33-1.47.2
      php74-dba-7.4.33-1.47.2
      php74-dba-debuginfo-7.4.33-1.47.2
      php74-debuginfo-7.4.33-1.47.2
      php74-debugsource-7.4.33-1.47.2
      php74-dom-7.4.33-1.47.2
      php74-dom-debuginfo-7.4.33-1.47.2
      php74-enchant-7.4.33-1.47.2
      php74-enchant-debuginfo-7.4.33-1.47.2
      php74-exif-7.4.33-1.47.2
      php74-exif-debuginfo-7.4.33-1.47.2
      php74-fastcgi-7.4.33-1.47.2
      php74-fastcgi-debuginfo-7.4.33-1.47.2
      php74-fileinfo-7.4.33-1.47.2
      php74-fileinfo-debuginfo-7.4.33-1.47.2
      php74-fpm-7.4.33-1.47.2
      php74-fpm-debuginfo-7.4.33-1.47.2
      php74-ftp-7.4.33-1.47.2
      php74-ftp-debuginfo-7.4.33-1.47.2
      php74-gd-7.4.33-1.47.2
      php74-gd-debuginfo-7.4.33-1.47.2
      php74-gettext-7.4.33-1.47.2
      php74-gettext-debuginfo-7.4.33-1.47.2
      php74-gmp-7.4.33-1.47.2
      php74-gmp-debuginfo-7.4.33-1.47.2
      php74-iconv-7.4.33-1.47.2
      php74-iconv-debuginfo-7.4.33-1.47.2
      php74-intl-7.4.33-1.47.2
      php74-intl-debuginfo-7.4.33-1.47.2
      php74-json-7.4.33-1.47.2
      php74-json-debuginfo-7.4.33-1.47.2
      php74-ldap-7.4.33-1.47.2
      php74-ldap-debuginfo-7.4.33-1.47.2
      php74-mbstring-7.4.33-1.47.2
php74-mbstring-debuginfo-7.4.33-1.47.2 php74-mysql-7.4.33-1.47.2 php74-mysql-debuginfo-7.4.33-1.47.2 php74-odbc-7.4.33-1.47.2 php74-odbc-debuginfo-7.4.33-1.47.2 php74-opcache-7.4.33-1.47.2 php74-opcache-debuginfo-7.4.33-1.47.2 php74-openssl-7.4.33-1.47.2 php74-openssl-debuginfo-7.4.33-1.47.2 php74-pcntl-7.4.33-1.47.2 php74-pcntl-debuginfo-7.4.33-1.47.2 php74-pdo-7.4.33-1.47.2 php74-pdo-debuginfo-7.4.33-1.47.2 php74-pgsql-7.4.33-1.47.2 php74-pgsql-debuginfo-7.4.33-1.47.2 php74-phar-7.4.33-1.47.2 php74-phar-debuginfo-7.4.33-1.47.2 php74-posix-7.4.33-1.47.2 php74-posix-debuginfo-7.4.33-1.47.2 php74-readline-7.4.33-1.47.2 php74-readline-debuginfo-7.4.33-1.47.2 php74-shmop-7.4.33-1.47.2 php74-shmop-debuginfo-7.4.33-1.47.2 php74-snmp-7.4.33-1.47.2 php74-snmp-debuginfo-7.4.33-1.47.2 php74-soap-7.4.33-1.47.2 php74-soap-debuginfo-7.4.33-1.47.2 php74-sockets-7.4.33-1.47.2 php74-sockets-debuginfo-7.4.33-1.47.2 php74-sodium-7.4.33-1.47.2 php74-sodium-debuginfo-7.4.33-1.47.2 php74-sqlite-7.4.33-1.47.2 php74-sqlite-debuginfo-7.4.33-1.47.2 php74-sysvmsg-7.4.33-1.47.2 php74-sysvmsg-debuginfo-7.4.33-1.47.2 php74-sysvsem-7.4.33-1.47.2 php74-sysvsem-debuginfo-7.4.33-1.47.2 php74-sysvshm-7.4.33-1.47.2 php74-sysvshm-debuginfo-7.4.33-1.47.2 php74-tidy-7.4.33-1.47.2 php74-tidy-debuginfo-7.4.33-1.47.2 php74-tokenizer-7.4.33-1.47.2 php74-tokenizer-debuginfo-7.4.33-1.47.2 php74-xmlreader-7.4.33-1.47.2 php74-xmlreader-debuginfo-7.4.33-1.47.2 php74-xmlrpc-7.4.33-1.47.2 php74-xmlrpc-debuginfo-7.4.33-1.47.2 php74-xmlwriter-7.4.33-1.47.2 php74-xmlwriter-debuginfo-7.4.33-1.47.2 php74-xsl-7.4.33-1.47.2 php74-xsl-debuginfo-7.4.33-1.47.2 php74-zip-7.4.33-1.47.2 php74-zip-debuginfo-7.4.33-1.47.2 php74-zlib-7.4.33-1.47.2 php74-zlib-debuginfo-7.4.33-1.47.2 References: https://www.suse.com/security/cve/CVE-2017-8923.html https://www.suse.com/security/cve/CVE-2020-7068.html https://www.suse.com/security/cve/CVE-2020-7069.html https://www.suse.com/security/cve/CVE-2020-7070.html 
https://www.suse.com/security/cve/CVE-2020-7071.html
https://www.suse.com/security/cve/CVE-2021-21702.html
https://www.suse.com/security/cve/CVE-2021-21703.html
https://www.suse.com/security/cve/CVE-2021-21704.html
https://www.suse.com/security/cve/CVE-2021-21705.html
https://www.suse.com/security/cve/CVE-2021-21706.html
https://www.suse.com/security/cve/CVE-2021-21707.html
https://www.suse.com/security/cve/CVE-2021-21708.html
https://www.suse.com/security/cve/CVE-2022-31625.html
https://www.suse.com/security/cve/CVE-2022-31626.html
https://www.suse.com/security/cve/CVE-2022-31628.html
https://www.suse.com/security/cve/CVE-2022-31629.html
https://www.suse.com/security/cve/CVE-2022-31630.html
https://www.suse.com/security/cve/CVE-2022-37454.html
https://bugzilla.suse.com/1203867
https://bugzilla.suse.com/1203870
https://bugzilla.suse.com/1204577
https://bugzilla.suse.com/1204979

From sle-updates at lists.suse.com Fri Nov 18 14:27:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Nov 2022 15:27:15 +0100 (CET)
Subject: SUSE-SU-2022:4069-1: important: Security update for php7
Message-ID: <20221118142715.745B7F3D4@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4069-1
Rating: important
References: #1203867 #1203870 #1204577 #1204979 SLE-23639
Cross-References: CVE-2017-8923 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454
CVSS scores:
CVE-2017-8923 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-7068 (NVD) : 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2020-7068 (SUSE): 4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-7069 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-7069 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-7070 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2020-7070 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2020-7071 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2020-7071 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21704 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21704 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-21705 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-21708 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-31625 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31628 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2022-31630 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-31630
(SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
      SUSE Enterprise Storage 7
      SUSE Enterprise Storage 7.1
      SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
      SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
      SUSE Linux Enterprise High Performance Computing 15-SP3
      SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
      SUSE Linux Enterprise Module for Web Scripting 15-SP3
      SUSE Linux Enterprise Server 15-SP2-BCL
      SUSE Linux Enterprise Server 15-SP2-LTSS
      SUSE Linux Enterprise Server 15-SP3
      SUSE Linux Enterprise Server for SAP 15-SP2
      SUSE Linux Enterprise Server for SAP Applications 15-SP3
      SUSE Manager Proxy 4.1
      SUSE Manager Proxy 4.2
      SUSE Manager Retail Branch Server 4.1
      SUSE Manager Retail Branch Server 4.2
      SUSE Manager Server 4.1
      SUSE Manager Server 4.2
      openSUSE Leap 15.3
      openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 18 vulnerabilities and contains one feature is now available.

Description:

This update for php7 fixes the following issues:

- Version update to 7.4.33:
  - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
  - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).

- Version update to 7.4.32 (jsc#SLE-23639)
  - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867)
  - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the victim's browser. (bsc#1203870)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4069=1

- openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-4069=1

- SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4069=1

- SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4069=1

- SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4069=1

- SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4069=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4069=1

- SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4069=1

- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4069=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4069=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4069=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4069=1

- SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-4069=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      php7-firebird-7.4.33-150200.3.46.2
      php7-firebird-debuginfo-7.4.33-150200.3.46.2

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php7-7.4.33-150200.3.46.2
      apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2
      php7-7.4.33-150200.3.46.2
      php7-bcmath-7.4.33-150200.3.46.2
      php7-bcmath-debuginfo-7.4.33-150200.3.46.2
      php7-bz2-7.4.33-150200.3.46.2
      php7-bz2-debuginfo-7.4.33-150200.3.46.2
      php7-calendar-7.4.33-150200.3.46.2
      php7-calendar-debuginfo-7.4.33-150200.3.46.2
php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-embed-7.4.33-150200.3.46.2 php7-embed-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-firebird-7.4.33-150200.3.46.2 php7-firebird-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 
php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-test-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 
php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 
php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 
php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 
php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Manager Proxy 4.1 (x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 
php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 
php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 
php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 
php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 
php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 
php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 
php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 
php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 
php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 
php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-embed-7.4.33-150200.3.46.2 php7-embed-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 
php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 
php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 
php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 
php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-mod_php7-7.4.33-150200.3.46.2 apache2-mod_php7-debuginfo-7.4.33-150200.3.46.2 php7-7.4.33-150200.3.46.2 php7-bcmath-7.4.33-150200.3.46.2 php7-bcmath-debuginfo-7.4.33-150200.3.46.2 php7-bz2-7.4.33-150200.3.46.2 php7-bz2-debuginfo-7.4.33-150200.3.46.2 php7-calendar-7.4.33-150200.3.46.2 php7-calendar-debuginfo-7.4.33-150200.3.46.2 php7-ctype-7.4.33-150200.3.46.2 php7-ctype-debuginfo-7.4.33-150200.3.46.2 php7-curl-7.4.33-150200.3.46.2 php7-curl-debuginfo-7.4.33-150200.3.46.2 php7-dba-7.4.33-150200.3.46.2 php7-dba-debuginfo-7.4.33-150200.3.46.2 php7-debuginfo-7.4.33-150200.3.46.2 php7-debugsource-7.4.33-150200.3.46.2 php7-devel-7.4.33-150200.3.46.2 php7-dom-7.4.33-150200.3.46.2 php7-dom-debuginfo-7.4.33-150200.3.46.2 php7-enchant-7.4.33-150200.3.46.2 php7-enchant-debuginfo-7.4.33-150200.3.46.2 php7-exif-7.4.33-150200.3.46.2 php7-exif-debuginfo-7.4.33-150200.3.46.2 php7-fastcgi-7.4.33-150200.3.46.2 php7-fastcgi-debuginfo-7.4.33-150200.3.46.2 php7-fileinfo-7.4.33-150200.3.46.2 
php7-fileinfo-debuginfo-7.4.33-150200.3.46.2 php7-fpm-7.4.33-150200.3.46.2 php7-fpm-debuginfo-7.4.33-150200.3.46.2 php7-ftp-7.4.33-150200.3.46.2 php7-ftp-debuginfo-7.4.33-150200.3.46.2 php7-gd-7.4.33-150200.3.46.2 php7-gd-debuginfo-7.4.33-150200.3.46.2 php7-gettext-7.4.33-150200.3.46.2 php7-gettext-debuginfo-7.4.33-150200.3.46.2 php7-gmp-7.4.33-150200.3.46.2 php7-gmp-debuginfo-7.4.33-150200.3.46.2 php7-iconv-7.4.33-150200.3.46.2 php7-iconv-debuginfo-7.4.33-150200.3.46.2 php7-intl-7.4.33-150200.3.46.2 php7-intl-debuginfo-7.4.33-150200.3.46.2 php7-json-7.4.33-150200.3.46.2 php7-json-debuginfo-7.4.33-150200.3.46.2 php7-ldap-7.4.33-150200.3.46.2 php7-ldap-debuginfo-7.4.33-150200.3.46.2 php7-mbstring-7.4.33-150200.3.46.2 php7-mbstring-debuginfo-7.4.33-150200.3.46.2 php7-mysql-7.4.33-150200.3.46.2 php7-mysql-debuginfo-7.4.33-150200.3.46.2 php7-odbc-7.4.33-150200.3.46.2 php7-odbc-debuginfo-7.4.33-150200.3.46.2 php7-opcache-7.4.33-150200.3.46.2 php7-opcache-debuginfo-7.4.33-150200.3.46.2 php7-openssl-7.4.33-150200.3.46.2 php7-openssl-debuginfo-7.4.33-150200.3.46.2 php7-pcntl-7.4.33-150200.3.46.2 php7-pcntl-debuginfo-7.4.33-150200.3.46.2 php7-pdo-7.4.33-150200.3.46.2 php7-pdo-debuginfo-7.4.33-150200.3.46.2 php7-pgsql-7.4.33-150200.3.46.2 php7-pgsql-debuginfo-7.4.33-150200.3.46.2 php7-phar-7.4.33-150200.3.46.2 php7-phar-debuginfo-7.4.33-150200.3.46.2 php7-posix-7.4.33-150200.3.46.2 php7-posix-debuginfo-7.4.33-150200.3.46.2 php7-readline-7.4.33-150200.3.46.2 php7-readline-debuginfo-7.4.33-150200.3.46.2 php7-shmop-7.4.33-150200.3.46.2 php7-shmop-debuginfo-7.4.33-150200.3.46.2 php7-snmp-7.4.33-150200.3.46.2 php7-snmp-debuginfo-7.4.33-150200.3.46.2 php7-soap-7.4.33-150200.3.46.2 php7-soap-debuginfo-7.4.33-150200.3.46.2 php7-sockets-7.4.33-150200.3.46.2 php7-sockets-debuginfo-7.4.33-150200.3.46.2 php7-sodium-7.4.33-150200.3.46.2 php7-sodium-debuginfo-7.4.33-150200.3.46.2 php7-sqlite-7.4.33-150200.3.46.2 php7-sqlite-debuginfo-7.4.33-150200.3.46.2 php7-sysvmsg-7.4.33-150200.3.46.2 
php7-sysvmsg-debuginfo-7.4.33-150200.3.46.2 php7-sysvsem-7.4.33-150200.3.46.2 php7-sysvsem-debuginfo-7.4.33-150200.3.46.2 php7-sysvshm-7.4.33-150200.3.46.2 php7-sysvshm-debuginfo-7.4.33-150200.3.46.2 php7-tidy-7.4.33-150200.3.46.2 php7-tidy-debuginfo-7.4.33-150200.3.46.2 php7-tokenizer-7.4.33-150200.3.46.2 php7-tokenizer-debuginfo-7.4.33-150200.3.46.2 php7-xmlreader-7.4.33-150200.3.46.2 php7-xmlreader-debuginfo-7.4.33-150200.3.46.2 php7-xmlrpc-7.4.33-150200.3.46.2 php7-xmlrpc-debuginfo-7.4.33-150200.3.46.2 php7-xmlwriter-7.4.33-150200.3.46.2 php7-xmlwriter-debuginfo-7.4.33-150200.3.46.2 php7-xsl-7.4.33-150200.3.46.2 php7-xsl-debuginfo-7.4.33-150200.3.46.2 php7-zip-7.4.33-150200.3.46.2 php7-zip-debuginfo-7.4.33-150200.3.46.2 php7-zlib-7.4.33-150200.3.46.2 php7-zlib-debuginfo-7.4.33-150200.3.46.2

References:

   https://www.suse.com/security/cve/CVE-2017-8923.html
   https://www.suse.com/security/cve/CVE-2020-7068.html
   https://www.suse.com/security/cve/CVE-2020-7069.html
   https://www.suse.com/security/cve/CVE-2020-7070.html
   https://www.suse.com/security/cve/CVE-2020-7071.html
   https://www.suse.com/security/cve/CVE-2021-21702.html
   https://www.suse.com/security/cve/CVE-2021-21703.html
   https://www.suse.com/security/cve/CVE-2021-21704.html
   https://www.suse.com/security/cve/CVE-2021-21705.html
   https://www.suse.com/security/cve/CVE-2021-21706.html
   https://www.suse.com/security/cve/CVE-2021-21707.html
   https://www.suse.com/security/cve/CVE-2021-21708.html
   https://www.suse.com/security/cve/CVE-2022-31625.html
   https://www.suse.com/security/cve/CVE-2022-31626.html
   https://www.suse.com/security/cve/CVE-2022-31628.html
   https://www.suse.com/security/cve/CVE-2022-31629.html
   https://www.suse.com/security/cve/CVE-2022-31630.html
   https://www.suse.com/security/cve/CVE-2022-37454.html
   https://bugzilla.suse.com/1203867
   https://bugzilla.suse.com/1203870
   https://bugzilla.suse.com/1204577
   https://bugzilla.suse.com/1204979

From sle-updates at lists.suse.com Fri Nov 18 14:29:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Nov 2022 15:29:32 +0100 (CET)
Subject: SUSE-RU-2022:4066-1: important: Recommended update for timezone
Message-ID: <20221118142932.10F77F3D4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4066-1
Rating: important
References: #1177460 #1202324 #1204649 #1205156
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
   zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4066=1
- openSUSE Leap 15.4:
   zypper in -t patch openSUSE-SLE-15.4-2022-4066=1
- openSUSE Leap 15.3:
   zypper in -t patch openSUSE-SLE-15.3-2022-4066=1
- SUSE Manager Server 4.1:
   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4066=1
- SUSE Manager Retail Branch Server 4.1:
   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4066=1
- SUSE Manager Proxy 4.1:
   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4066=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4066=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4066=1
- SUSE Linux Enterprise Server for SAP 15:
   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4066=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4066=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4066=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
   zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4066=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
   zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4066=1
- SUSE Linux Enterprise Server 15-LTSS:
   zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4066=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4066=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4066=1
- SUSE Linux Enterprise Micro 5.3:
   zypper in -t patch SUSE-SLE-Micro-5.3-2022-4066=1
- SUSE Linux Enterprise Micro 5.2:
   zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4066=1
- SUSE Linux Enterprise Micro 5.1:
   zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4066=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
   zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4066=1
- SUSE Enterprise Storage 7:
   zypper in -t patch SUSE-Storage-7-2022-4066=1
- SUSE Enterprise Storage 6:
   zypper in -t patch SUSE-Storage-6-2022-4066=1
- SUSE CaaS Platform 4.0:
   To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - openSUSE Leap 15.4 (noarch): timezone-java-2022f-150000.75.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - openSUSE Leap 15.3 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Manager Server 4.1 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Manager Retail Branch Server 4.1 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Manager Proxy 4.1 (x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Manager Proxy 4.1 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 
timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): 
timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 
15-LTSS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Enterprise Storage 7 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE Enterprise Storage 6 (noarch): timezone-java-2022f-150000.75.15.1 - SUSE CaaS Platform 4.0 (x86_64): timezone-2022f-150000.75.15.1 timezone-debuginfo-2022f-150000.75.15.1 timezone-debugsource-2022f-150000.75.15.1 - SUSE CaaS Platform 4.0 (noarch): timezone-java-2022f-150000.75.15.1 References: https://bugzilla.suse.com/1177460 https://bugzilla.suse.com/1202324 https://bugzilla.suse.com/1204649 https://bugzilla.suse.com/1205156 From sle-updates at lists.suse.com Fri Nov 18 17:22:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:22:51 +0100 (CET) Subject: SUSE-SU-2022:4075-1: moderate: Security update for rubygem-loofah Message-ID: <20221118172251.18352F3E2@maintenance.suse.de> SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4075-1 Rating: moderate References: #1154751 Cross-References: CVE-2018-8048 CVE-2019-15587 CVSS scores: CVE-2018-8048 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-8048 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2019-15587 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2019-15587 (SUSE): 6.3 
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4075=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-4075=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.11.1 References: https://www.suse.com/security/cve/CVE-2018-8048.html https://www.suse.com/security/cve/CVE-2019-15587.html https://bugzilla.suse.com/1154751 From sle-updates at lists.suse.com Fri Nov 18 17:23:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:23:28 +0100 (CET) Subject: SUSE-SU-2022:4073-1: moderate: Security update for sccache Message-ID: <20221118172328.4077FF3E2@maintenance.suse.de> SUSE Security Update: Security update for sccache ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4073-1 Rating: moderate References: #1181400 #1194119 #1196972 Cross-References: CVE-2021-45710 CVE-2022-24713 CVSS scores: CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24713 (SUSE): 4.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for sccache fixes the following issues: Updated to version 0.3.0: - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972). - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Added hardening to systemd service(s) (bsc#1181400). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4073=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4073=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): sccache-0.3.0~git5.14a4b8b-150300.7.9.1 sccache-debuginfo-0.3.0~git5.14a4b8b-150300.7.9.1 sccache-debugsource-0.3.0~git5.14a4b8b-150300.7.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): sccache-0.3.0~git5.14a4b8b-150300.7.9.1 sccache-debuginfo-0.3.0~git5.14a4b8b-150300.7.9.1 sccache-debugsource-0.3.0~git5.14a4b8b-150300.7.9.1 References: https://www.suse.com/security/cve/CVE-2021-45710.html https://www.suse.com/security/cve/CVE-2022-24713.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1194119 https://bugzilla.suse.com/1196972 From sle-updates at lists.suse.com Fri Nov 18 17:24:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:24:25 +0100 (CET) Subject: SUSE-SU-2022:4071-1: important: Security update for python39 Message-ID: <20221118172425.70F5EF3E2@maintenance.suse.de> SUSE Security Update: Security update for python39 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4071-1 Rating: important References: #1204886 #1205244 Cross-References: CVE-2022-42919 CVE-2022-45061 CVSS scores: CVE-2022-42919 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42919 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for 
Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.9.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4071=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4071=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4071=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4071=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.15-150300.4.21.1 libpython3_9-1_0-debuginfo-3.9.15-150300.4.21.1 python39-3.9.15-150300.4.21.1 python39-base-3.9.15-150300.4.21.1 python39-base-debuginfo-3.9.15-150300.4.21.1 python39-core-debugsource-3.9.15-150300.4.21.1 python39-curses-3.9.15-150300.4.21.1 python39-curses-debuginfo-3.9.15-150300.4.21.1 python39-dbm-3.9.15-150300.4.21.1 python39-dbm-debuginfo-3.9.15-150300.4.21.1 python39-debuginfo-3.9.15-150300.4.21.1 python39-debugsource-3.9.15-150300.4.21.1 python39-devel-3.9.15-150300.4.21.1 python39-doc-3.9.15-150300.4.21.1 python39-doc-devhelp-3.9.15-150300.4.21.1 python39-idle-3.9.15-150300.4.21.1 python39-testsuite-3.9.15-150300.4.21.1 python39-testsuite-debuginfo-3.9.15-150300.4.21.1 python39-tk-3.9.15-150300.4.21.1 python39-tk-debuginfo-3.9.15-150300.4.21.1 python39-tools-3.9.15-150300.4.21.1 - openSUSE Leap 15.4 (x86_64): libpython3_9-1_0-32bit-3.9.15-150300.4.21.1 libpython3_9-1_0-32bit-debuginfo-3.9.15-150300.4.21.1 python39-32bit-3.9.15-150300.4.21.1 python39-32bit-debuginfo-3.9.15-150300.4.21.1 python39-base-32bit-3.9.15-150300.4.21.1 python39-base-32bit-debuginfo-3.9.15-150300.4.21.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.15-150300.4.21.1 libpython3_9-1_0-debuginfo-3.9.15-150300.4.21.1 python39-3.9.15-150300.4.21.1 python39-base-3.9.15-150300.4.21.1 python39-base-debuginfo-3.9.15-150300.4.21.1 python39-core-debugsource-3.9.15-150300.4.21.1 python39-curses-3.9.15-150300.4.21.1 
python39-curses-debuginfo-3.9.15-150300.4.21.1 python39-dbm-3.9.15-150300.4.21.1 python39-dbm-debuginfo-3.9.15-150300.4.21.1 python39-debuginfo-3.9.15-150300.4.21.1 python39-debugsource-3.9.15-150300.4.21.1 python39-devel-3.9.15-150300.4.21.1 python39-doc-3.9.15-150300.4.21.1 python39-doc-devhelp-3.9.15-150300.4.21.1 python39-idle-3.9.15-150300.4.21.1 python39-testsuite-3.9.15-150300.4.21.1 python39-testsuite-debuginfo-3.9.15-150300.4.21.1 python39-tk-3.9.15-150300.4.21.1 python39-tk-debuginfo-3.9.15-150300.4.21.1 python39-tools-3.9.15-150300.4.21.1 - openSUSE Leap 15.3 (x86_64): libpython3_9-1_0-32bit-3.9.15-150300.4.21.1 libpython3_9-1_0-32bit-debuginfo-3.9.15-150300.4.21.1 python39-32bit-3.9.15-150300.4.21.1 python39-32bit-debuginfo-3.9.15-150300.4.21.1 python39-base-32bit-3.9.15-150300.4.21.1 python39-base-32bit-debuginfo-3.9.15-150300.4.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python39-core-debugsource-3.9.15-150300.4.21.1 python39-tools-3.9.15-150300.4.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.15-150300.4.21.1 libpython3_9-1_0-debuginfo-3.9.15-150300.4.21.1 python39-3.9.15-150300.4.21.1 python39-base-3.9.15-150300.4.21.1 python39-base-debuginfo-3.9.15-150300.4.21.1 python39-core-debugsource-3.9.15-150300.4.21.1 python39-curses-3.9.15-150300.4.21.1 python39-curses-debuginfo-3.9.15-150300.4.21.1 python39-dbm-3.9.15-150300.4.21.1 python39-dbm-debuginfo-3.9.15-150300.4.21.1 python39-debuginfo-3.9.15-150300.4.21.1 python39-debugsource-3.9.15-150300.4.21.1 python39-devel-3.9.15-150300.4.21.1 python39-idle-3.9.15-150300.4.21.1 python39-tk-3.9.15-150300.4.21.1 python39-tk-debuginfo-3.9.15-150300.4.21.1 References: https://www.suse.com/security/cve/CVE-2022-42919.html https://www.suse.com/security/cve/CVE-2022-45061.html https://bugzilla.suse.com/1204886 https://bugzilla.suse.com/1205244 From sle-updates at lists.suse.com Fri Nov 18 17:26:06 
2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:26:06 +0100 (CET) Subject: SUSE-SU-2022:4072-1: important: Security update for the Linux Kernel Message-ID: <20221118172606.C7B19F3E2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4072-1 Rating: important References: #1065729 #1071995 #1152472 #1152489 #1188238 #1194869 #1196018 #1196632 #1199904 #1200567 #1200692 #1200788 #1202187 #1202686 #1202700 #1202914 #1203098 #1203229 #1203290 #1203435 #1203514 #1203699 #1203767 #1203802 #1203922 #1204017 #1204142 #1204166 #1204168 #1204171 #1204241 #1204353 #1204354 #1204355 #1204402 #1204413 #1204415 #1204417 #1204428 #1204431 #1204439 #1204470 #1204479 #1204498 #1204533 #1204569 #1204574 #1204575 #1204619 #1204635 #1204637 #1204646 #1204647 #1204650 #1204653 #1204693 #1204705 #1204719 #1204728 #1204753 #1204868 #1204926 #1204933 #1204934 #1204947 #1204957 #1204963 #1204970 PED-1082 PED-1084 PED-1085 PED-1096 PED-1211 PED-1649 PED-634 PED-676 PED-678 PED-679 PED-707 PED-732 PED-813 PED-817 PED-822 PED-825 PED-833 PED-842 PED-846 PED-850 PED-851 PED-856 PED-857 SLE-13847 SLE-9246 Cross-References: CVE-2022-1882 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-40476 CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 CVSS scores: CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 
6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3619 (NVD) : 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3619 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-40476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40476 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 32 vulnerabilities, contains 25 features and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed a denial of service through requests to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). 
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). 
- acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). 
- alsa: line6: remove line6_set_raw declaration (git-fixes).
- alsa: oss: Fix potential deadlock at unregistration (git-fixes).
- alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- alsa: rme9652: use explicitly signed char (git-fixes).
- alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
- alsa: scarlett2: Add support for the internal "standalone" switch (git-fixes).
- alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
- alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
- alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
- alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
- alsa: usb-audio: Fix NULL dererence at error path (git-fixes).
- alsa: usb-audio: Fix last interface check for registration (git-fixes).
- alsa: usb-audio: Fix potential memory leaks (git-fixes).
- alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
- alsa: usb-audio: Register card at the last interface (git-fixes).
- alsa: usb-audio: make read-only array marker static const (git-fixes).
- alsa: usb-audio: remove redundant assignment to variable c (git-fixes).
- alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes).
- alsa: usb/6fire: fix repeated words in comments (git-fixes).
- arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes)
- arm64/mm: Consolidate TCR_EL1 fields (git-fixes).
- arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes).
- arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes).
- arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
- arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
- arm64: ftrace: fix module PLTs with mcount (git-fixes).
- arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes).
- arm64: topology: move store_cpu_topology() to shared code (git-fixes).
- arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes).
- arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes).
- arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes).
- arm: Drop CMDLINE_* dependency on ATAGS (git-fixes).
- arm: decompressor: Include .data.rel.ro.local (git-fixes).
- arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
- arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
- arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
- arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
- arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
- arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
- arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
- arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes).
- arm: dts: imx6dl: add missing properties for sram (git-fixes).
- arm: dts: imx6q: add missing properties for sram (git-fixes).
- arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
- arm: dts: imx6qp: add missing properties for sram (git-fixes).
- arm: dts: imx6sl: add missing properties for sram (git-fixes).
- arm: dts: imx6sll: add missing properties for sram (git-fixes).
- arm: dts: imx6sx: add missing properties for sram (git-fixes).
- arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes).
- arm: dts: integrator: Tag PCI host with device_type (git-fixes).
- arm: dts: kirkwood: lsxl: fix serial line (git-fixes).
- arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
- arm: dts: turris-omnia: Add label for wan port (git-fixes).
- arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
- asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes).
- asoc: codecs: tx-macro: fix kcontrol put (git-fixes).
- asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
- asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes).
- asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes).
- asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes).
- asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- asoc: tas2764: Allow mono streams (git-fixes).
- asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
- asoc: tas2764: Fix mute/unmute (git-fixes).
- asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- asoc: wm_adsp: Handle optional legacy support (git-fixes).
- ata: ahci-imx: Fix MODULE_ALIAS (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- bluetooth: L2CAP: Fix user-after-free (git-fixes).
- bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes).
- bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes).
- bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
- bnxt_en: Fix bnxt_refclk_read() (git-fixes).
- bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes).
- bnxt_en: fix livepatch query (git-fixes).
- bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
- bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes).
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes).
- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: ast2600: BCLK comes from EPLL (git-fixes).
- clk: at91: fix the build with binutils 2.27 (git-fixes).
- clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
- clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
- clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: Round UART input clock up (bsc#1188238)
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: bcm: rpi: Add support for VEC clock (bsc#1196632)
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: meson: Hold reference returned by of_get_parent() (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- cpufreq: qcom: fix memory leak in error path (git-fixes).
- cpufreq: qcom: fix writes in read-only memory region (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- crypto: inside-secure - Change swab to swab32 (git-fixes).
- crypto: inside-secure - Replace generic aes with libaes (git-fixes).
- crypto: marvell/octeontx - prevent integer overflows (git-fixes).
- crypto: qat - fix default value of WDT timer (git-fixes).
- crypto: sahara - do not sleep when in softirq (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
- dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
- dmaengine: hisilicon: Fix CQ head update (git-fixes).
- dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679).
- dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679).
- dmaengine: idxd: force wq context cleanup on device disable path (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: mxs: use platform_driver_register (git-fixes).
- dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes).
- dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- dpaa2-eth: trace the allocated address instead of page struct (git-fixes).
- drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes).
- drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories
- drm/amd/display: Correct MPC split policy for DCN301 (git-fixes).
- drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes).
- drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes).
- drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
- drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
- drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
- drm/amd/display: update gamut remap if plane has changed (git-fixes).
- drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants
- drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
- drm/i915/ehl: Update MOCS table for EHL (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
- drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
- drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes).
- drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dp: Silence inconsistent indent warning (git-fixes).
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
- drm/msm/dp: fix IRQ lifetime (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/msm: fix use-after-free on probe deferral (git-fixes).
- drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
- drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- drop Dell Dock regression fix patch again (bsc#1204719)
- drop verbose nvme logging feature (bsc#1200567)
- dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
- dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes).
- dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
- dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: fix static_branch manipulation (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
- firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
- gcov: support GCC 12.1 and newer compilers (git-fixes).
- gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hid: hidraw: fix memory leak in hidraw_release() (git-fixes).
- hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- hid: multitouch: Add memory barriers (git-fixes).
- hid: roccat: Fix use-after-free in roccat_read() (git-fixes).
- hinic: Avoid some over memory allocation (git-fixes).
- hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
- i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
- i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
- i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
- i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
- i40e: Fix call trace in setup_tx_descriptors (git-fixes).
- i40e: Fix dropped jumbo frames statistics (git-fixes).
- i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
- iavf: Fix adminq error handling (git-fixes).
- iavf: Fix handling of dummy receive descriptors (git-fixes).
- iavf: Fix reset error handling (git-fixes).
- ib/core: Fix a nested dead lock as part of ODP flow (git-fixes)
- ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- ice: Fix switchdev rules book keeping (git-fixes).
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
- ice: do not setup vlan for loopback VSI (git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
- igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: adxl372: Fix unsafe buffer attributes (git-fixes).
- iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: ltc2497: Fix reading conversion results (git-fixes).
- iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: temperature: ltc2983: allocate iio channels once (git-fixes).
- ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes).
- input: i8042 - fix refount leak on sparc (git-fixes).
- input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
- input: xpad - add supported devices as contributed on github (git-fixes).
- input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947).
- ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
- ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes).
- kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes).
- kabi/severities: ignore CS35L41-specific exports (bsc#1203699)
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes).
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes).
- kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes).
- kvm: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes).
- kvm: fix avic_set_running for preemptable kernels (git-fixes).
- kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes).
- kvm: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes).
- kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905).
- kvm: s390x: fix SCK locking (git-fixes).
- kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes).
- kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes).
- kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes).
- kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes).
- kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes).
- kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
- kvm: x86: Always set kvm_run->if_flag (git-fixes).
- kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes).
- kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes).
- kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes).
- kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes).
- kvm: x86: Update vPMCs when retiring branch instructions (git-fixes).
- kvm: x86: Update vPMCs when retiring instructions (git-fixes).
- kvm: x86: do not report preemption if the steal time cache is stale (git-fixes).
- kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes).
- kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes).
- kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- macvlan: enforce a consistent minimal mtu (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- mailbox: mpfs: account for mbox offsets while sending (git-fixes).
- mailbox: mpfs: fix handling of the reg property (git-fixes).
- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes).
- media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes).
- media: mceusb: set timeout to at least timeout provided (git-fixes).
- media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes).
- media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes).
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes).
- media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- media: vivid: set num_in/outputs to 0 if not supported (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes).
- mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes).
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes).
- mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes).
- mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
- mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- move upstreamed BT fixes into sorted section
- move upstreamed patches into sorted section
- move upstreamed sound patches into sorted section
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
- mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
- mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
- mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
- net/ice: fix initializing the bitmap in the switch code (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
- net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
- net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
- net/mlx5e: Update netdev features after changing XDP state (git-fixes).
- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
- net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
- net: atlantic: fix aq_vec index out of range error (git-fixes).
- net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
- net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
- net: bgmac: support MDIO described in DT (git-fixes).
- net: bonding: fix possible NULL deref in rlb code (git-fixes).
- net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
- net: dp83822: disable false carrier interrupt (git-fixes).
- net: dp83822: disable rx error interrupt (git-fixes).
- net: dsa: bcm_sf2: force pause link settings (git-fixes).
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
- net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
- net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
- net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
- net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
- net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
- net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
- net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
- net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
- net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
- net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
- net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
- net: hns3: do not push link state to VF if unalive (git-fixes).
- net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
- net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). 
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). 
- pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). 
- powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). 
- rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set 
keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert "SUNRPC: Remove unreachable error condition" (git-fixes). - revert "crypto: qat - reduce size of mapped region" (git-fixes). - revert "drm/amdgpu: use dirty framebuffer helper" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - revert "workqueue: remove unused cancel_work()" (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). 
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). 
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use "grep -E" instead of "egrep" (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). 
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add "(fault)" name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). 
- tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). 
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4072=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4072=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4072=1 Please note that this is the initial kernel livepatch without fixes itself; this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4072=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4072=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4072=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4072=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4072=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.33.2 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.33.2 dlm-kmp-default-5.14.21-150400.24.33.2 dlm-kmp-default-debuginfo-5.14.21-150400.24.33.2 gfs2-kmp-default-5.14.21-150400.24.33.2 gfs2-kmp-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-5.14.21-150400.24.33.2 kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4 kernel-default-base-rebuild-5.14.21-150400.24.33.2.150400.24.11.4 kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 kernel-default-devel-5.14.21-150400.24.33.2 kernel-default-devel-debuginfo-5.14.21-150400.24.33.2 kernel-default-extra-5.14.21-150400.24.33.2 kernel-default-extra-debuginfo-5.14.21-150400.24.33.2 kernel-default-livepatch-5.14.21-150400.24.33.2 kernel-default-livepatch-devel-5.14.21-150400.24.33.2
kernel-default-optional-5.14.21-150400.24.33.2 kernel-default-optional-debuginfo-5.14.21-150400.24.33.2 kernel-obs-build-5.14.21-150400.24.33.1 kernel-obs-build-debugsource-5.14.21-150400.24.33.1 kernel-obs-qa-5.14.21-150400.24.33.1 kernel-syms-5.14.21-150400.24.33.1 kselftests-kmp-default-5.14.21-150400.24.33.2 kselftests-kmp-default-debuginfo-5.14.21-150400.24.33.2 ocfs2-kmp-default-5.14.21-150400.24.33.2 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.33.2 reiserfs-kmp-default-5.14.21-150400.24.33.2 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.33.2 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.33.2 kernel-kvmsmall-debuginfo-5.14.21-150400.24.33.2 kernel-kvmsmall-debugsource-5.14.21-150400.24.33.2 kernel-kvmsmall-devel-5.14.21-150400.24.33.2 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.33.2 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.33.2 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.33.2 kernel-debug-debuginfo-5.14.21-150400.24.33.2 kernel-debug-debugsource-5.14.21-150400.24.33.2 kernel-debug-devel-5.14.21-150400.24.33.2 kernel-debug-devel-debuginfo-5.14.21-150400.24.33.2 kernel-debug-livepatch-devel-5.14.21-150400.24.33.2 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.33.2 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 dlm-kmp-64kb-5.14.21-150400.24.33.2 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 dtb-allwinner-5.14.21-150400.24.33.1 dtb-altera-5.14.21-150400.24.33.1 dtb-amazon-5.14.21-150400.24.33.1 dtb-amd-5.14.21-150400.24.33.1 dtb-amlogic-5.14.21-150400.24.33.1 dtb-apm-5.14.21-150400.24.33.1 dtb-apple-5.14.21-150400.24.33.1 dtb-arm-5.14.21-150400.24.33.1 dtb-broadcom-5.14.21-150400.24.33.1 dtb-cavium-5.14.21-150400.24.33.1 dtb-exynos-5.14.21-150400.24.33.1 dtb-freescale-5.14.21-150400.24.33.1 dtb-hisilicon-5.14.21-150400.24.33.1 dtb-lg-5.14.21-150400.24.33.1 dtb-marvell-5.14.21-150400.24.33.1 dtb-mediatek-5.14.21-150400.24.33.1 
dtb-nvidia-5.14.21-150400.24.33.1 dtb-qcom-5.14.21-150400.24.33.1 dtb-renesas-5.14.21-150400.24.33.1 dtb-rockchip-5.14.21-150400.24.33.1 dtb-socionext-5.14.21-150400.24.33.1 dtb-sprd-5.14.21-150400.24.33.1 dtb-xilinx-5.14.21-150400.24.33.1 gfs2-kmp-64kb-5.14.21-150400.24.33.2 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 kernel-64kb-5.14.21-150400.24.33.2 kernel-64kb-debuginfo-5.14.21-150400.24.33.2 kernel-64kb-debugsource-5.14.21-150400.24.33.2 kernel-64kb-devel-5.14.21-150400.24.33.2 kernel-64kb-devel-debuginfo-5.14.21-150400.24.33.2 kernel-64kb-extra-5.14.21-150400.24.33.2 kernel-64kb-extra-debuginfo-5.14.21-150400.24.33.2 kernel-64kb-livepatch-devel-5.14.21-150400.24.33.2 kernel-64kb-optional-5.14.21-150400.24.33.2 kernel-64kb-optional-debuginfo-5.14.21-150400.24.33.2 kselftests-kmp-64kb-5.14.21-150400.24.33.2 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 ocfs2-kmp-64kb-5.14.21-150400.24.33.2 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 reiserfs-kmp-64kb-5.14.21-150400.24.33.2 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.33.2 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.33.1 kernel-docs-5.14.21-150400.24.33.2 kernel-docs-html-5.14.21-150400.24.33.2 kernel-macros-5.14.21-150400.24.33.1 kernel-source-5.14.21-150400.24.33.1 kernel-source-vanilla-5.14.21-150400.24.33.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.33.2 kernel-zfcpdump-debuginfo-5.14.21-150400.24.33.2 kernel-zfcpdump-debugsource-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 kernel-default-extra-5.14.21-150400.24.33.2 kernel-default-extra-debuginfo-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 kernel-default-livepatch-5.14.21-150400.24.33.2 
kernel-default-livepatch-devel-5.14.21-150400.24.33.2 kernel-livepatch-5_14_21-150400_24_33-default-1-150400.9.3.4 kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-1-150400.9.3.4 kernel-livepatch-SLE15-SP4_Update_5-debugsource-1-150400.9.3.4 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 reiserfs-kmp-default-5.14.21-150400.24.33.2 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.33.1 kernel-obs-build-debugsource-5.14.21-150400.24.33.1 kernel-syms-5.14.21-150400.24.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.33.2 kernel-source-5.14.21-150400.24.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.33.2 kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4 kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 kernel-default-devel-5.14.21-150400.24.33.2 kernel-default-devel-debuginfo-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.33.2 kernel-64kb-debuginfo-5.14.21-150400.24.33.2 kernel-64kb-debugsource-5.14.21-150400.24.33.2 kernel-64kb-devel-5.14.21-150400.24.33.2 kernel-64kb-devel-debuginfo-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.33.1 kernel-macros-5.14.21-150400.24.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.33.2 kernel-zfcpdump-debuginfo-5.14.21-150400.24.33.2 kernel-zfcpdump-debugsource-5.14.21-150400.24.33.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.33.2 
kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4 kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.33.2 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.33.2 dlm-kmp-default-5.14.21-150400.24.33.2 dlm-kmp-default-debuginfo-5.14.21-150400.24.33.2 gfs2-kmp-default-5.14.21-150400.24.33.2 gfs2-kmp-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debuginfo-5.14.21-150400.24.33.2 kernel-default-debugsource-5.14.21-150400.24.33.2 ocfs2-kmp-default-5.14.21-150400.24.33.2 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.33.2 References: https://www.suse.com/security/cve/CVE-2022-1882.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3435.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3526.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3619.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html 
https://www.suse.com/security/cve/CVE-2022-3633.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-40476.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1188238 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196632 https://bugzilla.suse.com/1199904 https://bugzilla.suse.com/1200567 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1202187 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1202914 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203229 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203435 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1203922 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204171 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204353 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204413 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204428 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204498 https://bugzilla.suse.com/1204533 https://bugzilla.suse.com/1204569 
https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204650 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204705 https://bugzilla.suse.com/1204719 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204926 https://bugzilla.suse.com/1204933 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204947 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204970 From sle-updates at lists.suse.com Fri Nov 18 17:32:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:32:39 +0100 (CET) Subject: SUSE-SU-2022:4077-1: important: Security update for sudo Message-ID: <20221118173239.A5810F3E2@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4077-1 Rating: important References: #1190818 #1203201 #1204986 Cross-References: CVE-2022-43995 CVSS scores: CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 
______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4077=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4077=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4077=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4077=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4077=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): sudo-1.9.5p2-150300.3.13.1 sudo-debuginfo-1.9.5p2-150300.3.13.1 sudo-debugsource-1.9.5p2-150300.3.13.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.13.1 sudo-debuginfo-1.9.5p2-150300.3.13.1 sudo-debugsource-1.9.5p2-150300.3.13.1 sudo-devel-1.9.5p2-150300.3.13.1 sudo-plugin-python-1.9.5p2-150300.3.13.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.13.1 sudo-test-1.9.5p2-150300.3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.13.1 sudo-debuginfo-1.9.5p2-150300.3.13.1 sudo-debugsource-1.9.5p2-150300.3.13.1 sudo-devel-1.9.5p2-150300.3.13.1 sudo-plugin-python-1.9.5p2-150300.3.13.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.13.1 - 
SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.13.1 sudo-debuginfo-1.9.5p2-150300.3.13.1 sudo-debugsource-1.9.5p2-150300.3.13.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.13.1 sudo-debuginfo-1.9.5p2-150300.3.13.1 sudo-debugsource-1.9.5p2-150300.3.13.1 References: https://www.suse.com/security/cve/CVE-2022-43995.html https://bugzilla.suse.com/1190818 https://bugzilla.suse.com/1203201 https://bugzilla.suse.com/1204986 From sle-updates at lists.suse.com Fri Nov 18 17:33:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:33:39 +0100 (CET) Subject: SUSE-SU-2022:4074-1: important: Security update for python-Twisted Message-ID: <20221118173339.AC83EF3E2@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4074-1 Rating: important References: #1204781 Cross-References: CVE-2019-12387 CVE-2020-10108 CVE-2022-21712 CVE-2022-39348 CVSS scores: CVE-2019-12387 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-12387 (SUSE): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-10108 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10108 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21712 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21712 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVE-2022-39348 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-39348 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 
Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4074=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-4074=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4074=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-4074=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4074=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-4074=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 - SUSE Linux Enterprise Module for Web Scripting 12 
(aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.23.1 python-Twisted-debuginfo-15.2.1-9.23.1 python-Twisted-debugsource-15.2.1-9.23.1 References: https://www.suse.com/security/cve/CVE-2019-12387.html https://www.suse.com/security/cve/CVE-2020-10108.html https://www.suse.com/security/cve/CVE-2022-21712.html https://www.suse.com/security/cve/CVE-2022-39348.html https://bugzilla.suse.com/1204781 From sle-updates at lists.suse.com Fri Nov 18 17:34:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 18:34:28 +0100 (CET) Subject: SUSE-RU-2022:4076-1: moderate: Recommended update for jsoup Message-ID: <20221118173428.E972EF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for jsoup ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4076-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for jsoup fixes the following issues: - Fix typo in the ant *-build.xml file that caused errors while building eclipse. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4076=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4076=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4076=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4076=1 Package List: - openSUSE Leap 15.4 (noarch): jsoup-1.15.3-150200.3.9.1 jsoup-javadoc-1.15.3-150200.3.9.1 - openSUSE Leap 15.3 (noarch): jsoup-1.15.3-150200.3.9.1 jsoup-javadoc-1.15.3-150200.3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): jsoup-1.15.3-150200.3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jsoup-1.15.3-150200.3.9.1 References: From sle-updates at lists.suse.com Fri Nov 18 20:24:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:24:22 +0100 (CET) Subject: SUSE-SU-2022:4081-1: Security update for dpkg Message-ID: <20221118202422.B939BF3E2@maintenance.suse.de> SUSE Security Update: Security update for dpkg ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4081-1 Rating: low References: #1199944 Cross-References: CVE-2022-1664 CVSS scores: CVE-2022-1664 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1664 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE 
Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4081=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4081=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4081=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4081=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4081=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4081=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4081=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4081=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4081=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4081=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4081=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4081=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4081=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4081=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4081=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4081=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4081=1 - SUSE Linux Enterprise Module for 
Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4081=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4081=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4081=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4081=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4081=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4081=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4081=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4081=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - openSUSE Leap 15.4 (noarch): dpkg-lang-1.19.0.4-150000.4.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - openSUSE Leap 15.3 (noarch): dpkg-lang-1.19.0.4-150000.4.4.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Manager Proxy 4.1 (x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 
dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server 15-SP1-LTSS 
(aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): 
update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 
update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 - SUSE CaaS Platform 4.0 (x86_64): dpkg-1.19.0.4-150000.4.4.1 dpkg-debuginfo-1.19.0.4-150000.4.4.1 dpkg-debugsource-1.19.0.4-150000.4.4.1 dpkg-devel-1.19.0.4-150000.4.4.1 update-alternatives-1.19.0.4-150000.4.4.1 update-alternatives-debuginfo-1.19.0.4-150000.4.4.1 update-alternatives-debugsource-1.19.0.4-150000.4.4.1 References: https://www.suse.com/security/cve/CVE-2022-1664.html https://bugzilla.suse.com/1199944 From sle-updates at lists.suse.com Fri Nov 18 20:26:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 
Nov 2022 21:26:09 +0100 (CET) Subject: SUSE-SU-2022:4085-1: important: Security update for MozillaThunderbird Message-ID: <20221118202609.2EB4CF3E2@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4085-1 Rating: important References: #1204421 #1205270 Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 CVSS scores: CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. 
Description:

This update for MozillaThunderbird fixes the following issues:

- Fixed various security issues (MFSA 2022-49, bsc#1205270):
  * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm
  * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage
  * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5

- Fixed various security issues (MFSA 2022-46, bsc#1204421):
  * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Thunderbird 102.4

- Mozilla Thunderbird 102.5
  * changed: `Ctrl+N` shortcut to create new contacts from address book restored (bmo#1751288)
  * fixed: Account Settings UI did not update to reflect default identity changes (bmo#1782646)
  * fixed: New POP mail notifications were incorrectly shown for messages marked by filters as read or junk (bmo#1787531)
  * fixed: Connecting to an IMAP server configured to use `PREAUTH` caused Thunderbird to hang (bmo#1798161)
  * fixed: Error responses received in greeting header from NNTP servers did not display error message (bmo#1792281)
  * fixed: News messages sent using "Send Later" failed to send after going back online (bmo#1794997)
  * fixed: "Download/Sync Now..." did not completely sync all newsgroups before going offline (bmo#1795547)
  * fixed: Username was missing from error dialog on failed login to news server (bmo#1796964)
  * fixed: Thunderbird can now fetch RSS channel feeds with incomplete channel URL (bmo#1794775)
  * fixed: Add-on "Contribute" button in Add-ons Manager did not work (bmo#1795751)
  * fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578)
  * fixed: Invite Attendees dialog did not fetch free/busy info for attendees with encoded characters in their name (bmo#1797927)

- Mozilla Thunderbird 102.4.2
  * changed: "Address Book" button in Account Central will now create a CardDAV address book instead of a local address book (bmo#1793903)
  * fixed: Messages fetched from POP server in `Fetch headers only` mode disappeared when moved to different folder by filter action (bmo#1793374)
  * fixed: Thunderbird re-downloaded locally deleted messages from a POP server when "Leave messages on server" and "Until I delete them" were enabled (bmo#1796903)
  * fixed: Multiple password prompts for the same POP account could be displayed (bmo#1786920)
  * fixed: IMAP authentication failed on next startup if ImapMail folder was deleted by user (bmo#1793599)
  * fixed: Retrieving passwords for authenticated NNTP accounts could fail due to obsolete preferences in a user's profile on every startup (bmo#1770594)
  * fixed: `Get Next n Messages` did not consistently fetch all messages requested from NNTP server (bmo#1794185)
  * fixed: `Get Messages` button unable to fetch messages from NNTP server if root folder not selected (bmo#1792362)
  * fixed: Thunderbird text branding did not always match locale of localized build (bmo#1786199)
  * fixed: Thunderbird installer and Thunderbird updater created Windows shortcuts with different names (bmo#1787264)
  * fixed: LDAP search filters unable to work with non-ASCII characters (bmo#1794306)
  * fixed: "Today" highlighting in Calendar Month view did not update after date change at midnight (bmo#1795176)

- Mozilla Thunderbird 102.4.1
  * new: Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates (bmo#1793415)
  * fixed: Dynamic language switching did not update interface when switched to right-to-left languages (bmo#1794289)
  * fixed: Custom header data was discarded after messages were saved as draft and reopened (bmo#195716)
  * fixed: `-remote` command line argument did not work, affecting integration with various applications such as LibreOffice (bmo#1793323)
  * fixed: Messages received via some SMS-to-email services could not display images (bmo#1774805)
  * fixed: VCards with nickname field set could not be edited (bmo#1793877)
  * fixed: Some recurring events were missing from Agenda on first load (bmo#1771168)
  * fixed: Download requests for remote ICS calendars incorrectly set "Accept" header to text/xml (bmo#1793757)
  * fixed: Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month (bmo#1266797)
  * fixed: Various visual and UX improvements (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)
  * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 (bmo#1790610)
  * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze (bmo#1792675)
  * fixed: Forwarding messages with special characters in Subject failed on Windows (bmo#1782173)
  * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters (bmo#1789589)
  * fixed: Address Book display pane continued to show contacts after deletion (bmo#1777808)
  * fixed: Printing address book did not include all contact details (bmo#1782076)
  * fixed: CardDAV contacts without a Name property did not save to Google Contacts (bmo#1792101)
  * fixed: "Publish Calendar" did not work (bmo#1794471)
  * fixed: Calendar database storage improvements (bmo#1792124)
  * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar (bmo#1792923)
  * fixed: Various visual and UX improvements (bmo#1776093,bmo#1780040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#1793543)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4085=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4085=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4085=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4085=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4085=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4085=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  MozillaThunderbird-102.5.0-150200.8.90.1
  MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
  MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
  MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
  MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  MozillaThunderbird-102.5.0-150200.8.90.1
  MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
  MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1 MozillaThunderbird-translations-other-102.5.0-150200.8.90.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.5.0-150200.8.90.1 MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1 MozillaThunderbird-debugsource-102.5.0-150200.8.90.1 MozillaThunderbird-translations-common-102.5.0-150200.8.90.1 MozillaThunderbird-translations-other-102.5.0-150200.8.90.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-102.5.0-150200.8.90.1 MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1 MozillaThunderbird-debugsource-102.5.0-150200.8.90.1 MozillaThunderbird-translations-common-102.5.0-150200.8.90.1 MozillaThunderbird-translations-other-102.5.0-150200.8.90.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.5.0-150200.8.90.1 MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1 MozillaThunderbird-debugsource-102.5.0-150200.8.90.1 MozillaThunderbird-translations-common-102.5.0-150200.8.90.1 MozillaThunderbird-translations-other-102.5.0-150200.8.90.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-102.5.0-150200.8.90.1 MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1 MozillaThunderbird-debugsource-102.5.0-150200.8.90.1 MozillaThunderbird-translations-common-102.5.0-150200.8.90.1 MozillaThunderbird-translations-other-102.5.0-150200.8.90.1 References: https://www.suse.com/security/cve/CVE-2022-42927.html https://www.suse.com/security/cve/CVE-2022-42928.html https://www.suse.com/security/cve/CVE-2022-42929.html https://www.suse.com/security/cve/CVE-2022-42932.html https://www.suse.com/security/cve/CVE-2022-45403.html https://www.suse.com/security/cve/CVE-2022-45404.html https://www.suse.com/security/cve/CVE-2022-45405.html https://www.suse.com/security/cve/CVE-2022-45406.html https://www.suse.com/security/cve/CVE-2022-45408.html 
https://www.suse.com/security/cve/CVE-2022-45409.html https://www.suse.com/security/cve/CVE-2022-45410.html https://www.suse.com/security/cve/CVE-2022-45411.html https://www.suse.com/security/cve/CVE-2022-45412.html https://www.suse.com/security/cve/CVE-2022-45416.html https://www.suse.com/security/cve/CVE-2022-45418.html https://www.suse.com/security/cve/CVE-2022-45420.html https://www.suse.com/security/cve/CVE-2022-45421.html https://bugzilla.suse.com/1204421 https://bugzilla.suse.com/1205270 From sle-updates at lists.suse.com Fri Nov 18 20:27:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:27:41 +0100 (CET) Subject: SUSE-SU-2022:4100-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) Message-ID: <20221118202741.72C01F3E2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4100-1 Rating: important References: #1202087 #1203613 #1204170 #1204289 #1204381 Cross-References: CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 CVE-2022-42722 CVSS scores: CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues.

The following security issues were fixed:

- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- Fixed incorrect handling of empty arguments array in execve() (bsc#1200571).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4099=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4100=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4101=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4102=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4103=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4104=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4105=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4106=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4107=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4108=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4109=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4110=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
  kernel-livepatch-5_3_18-150300_59_43-default-16-150300.2.2
  kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-16-150300.2.2
  kernel-livepatch-5_3_18-150300_59_46-default-16-150300.2.2
  kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-16-150300.2.2
  kernel-livepatch-5_3_18-150300_59_49-default-15-150300.2.2
kernel-livepatch-5_3_18-150300_59_54-default-14-150300.2.2 kernel-livepatch-5_3_18-150300_59_60-default-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_63-default-10-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_71-default-8-150300.2.1 kernel-livepatch-5_3_18-150300_59_76-default-7-150300.2.1 kernel-livepatch-5_3_18-59_34-default-18-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-18-150300.2.2 kernel-livepatch-5_3_18-59_37-default-17-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-59_40-default-17-150300.2.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-17-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-18-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-17-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1203613 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204289 https://bugzilla.suse.com/1204381 From sle-updates at lists.suse.com Fri Nov 18 20:29:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:29:38 +0100 (CET) Subject: SUSE-SU-2022:4082-1: important: Security update for openjpeg Message-ID: <20221118202938.CA65DF3E2@maintenance.suse.de> SUSE Security Update: Security update for openjpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4082-1 Rating: important References: #1140205 #1149789 #1179821 #1180043 #1180044 #1180046 Cross-References: CVE-2018-20846 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVSS scores: CVE-2018-20846 (NVD) : 6.5 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27824 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27842 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27842 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27843 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27843 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27845 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for openjpeg fixes the following issues:

- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205)
- CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789)
- CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821)
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043)
- CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044)
- CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4082=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4082=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4082=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4082=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4082=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4082=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4082=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4082=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4082=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4082=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4082=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4082=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - openSUSE Leap 15.4 (x86_64): libopenjpeg1-32bit-1.5.2-150000.4.10.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1 openjpeg-devel-32bit-1.5.2-150000.4.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-1.5.2-150000.4.10.1 
openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - openSUSE Leap 15.3 (x86_64): libopenjpeg1-32bit-1.5.2-150000.4.10.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1 openjpeg-devel-32bit-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenjpeg1-32bit-1.5.2-150000.4.10.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-32bit-1.5.2-150000.4.10.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 
openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.10.1 libopenjpeg1-debuginfo-1.5.2-150000.4.10.1 openjpeg-debuginfo-1.5.2-150000.4.10.1 openjpeg-debugsource-1.5.2-150000.4.10.1 openjpeg-devel-1.5.2-150000.4.10.1 References: https://www.suse.com/security/cve/CVE-2018-20846.html https://www.suse.com/security/cve/CVE-2018-21010.html https://www.suse.com/security/cve/CVE-2020-27824.html https://www.suse.com/security/cve/CVE-2020-27842.html https://www.suse.com/security/cve/CVE-2020-27843.html https://www.suse.com/security/cve/CVE-2020-27845.html https://bugzilla.suse.com/1140205 https://bugzilla.suse.com/1149789 https://bugzilla.suse.com/1179821 https://bugzilla.suse.com/1180043 https://bugzilla.suse.com/1180044 https://bugzilla.suse.com/1180046 From sle-updates at lists.suse.com Fri Nov 18 20:32:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:32:00 +0100 (CET) Subject: SUSE-SU-2022:4078-1: moderate: Security update for java-11-openjdk Message-ID: 
<20221118203200.E7C71F3E2@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4078-1 Rating: moderate References: #1203476 #1204468 #1204471 #1204472 #1204473 #1204475 #1204480 #1204523 Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVSS scores: CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise 
Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

This update for java-11-openjdk fixes the following issues:

- Update to jdk-11.0.17+8 (October 2022 CPU)
- CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480)
- CVE-2022-21628: Better HttpServer service (bsc#1204472)
- CVE-2022-21624: Enhance icon presentations (bsc#1204475)
- CVE-2022-21619: Improve NTLM support (bsc#1204473)
- CVE-2022-21626: Key X509 usages (bsc#1204471)
- CVE-2022-21618: Wider MultiByte (bsc#1204468)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4078=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4078=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4078=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4078=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4078=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4078=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4078=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4078=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4078=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4078=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4078=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4078=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4078=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4078=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4078=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4078=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4078=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4078=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4078=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4078=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-accessibility-11.0.17.0-150000.3.86.2 java-11-openjdk-accessibility-debuginfo-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 java-11-openjdk-jmods-11.0.17.0-150000.3.86.2 java-11-openjdk-src-11.0.17.0-150000.3.86.2 - openSUSE Leap 15.4 (noarch): java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-accessibility-11.0.17.0-150000.3.86.2 java-11-openjdk-accessibility-debuginfo-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 java-11-openjdk-jmods-11.0.17.0-150000.3.86.2 java-11-openjdk-src-11.0.17.0-150000.3.86.2 - openSUSE Leap 15.3 (noarch): java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Manager Proxy 4.1 (x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE 
Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 
java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 
java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.17.0-150000.3.86.2 java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2 
java-11-openjdk-demo-11.0.17.0-150000.3.86.2 java-11-openjdk-devel-11.0.17.0-150000.3.86.2 java-11-openjdk-headless-11.0.17.0-150000.3.86.2 References: https://www.suse.com/security/cve/CVE-2022-21618.html https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-39399.html https://bugzilla.suse.com/1203476 https://bugzilla.suse.com/1204468 https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204480 https://bugzilla.suse.com/1204523 From sle-updates at lists.suse.com Fri Nov 18 20:34:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:34:16 +0100 (CET) Subject: SUSE-SU-2022:4083-1: important: Security update for MozillaFirefox Message-ID: <20221118203416.63E25F3E2@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4083-1 Rating: important References: #1205270 Cross-References: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 
______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4083=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4083=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4083=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4083=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4083=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4083=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4083=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4083=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4083=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4083=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 
MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 MozillaFirefox-translations-other-102.5.0-150000.150.65.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-102.5.0-150000.150.65.1 MozillaFirefox-debuginfo-102.5.0-150000.150.65.1 MozillaFirefox-debugsource-102.5.0-150000.150.65.1 MozillaFirefox-devel-102.5.0-150000.150.65.1 MozillaFirefox-translations-common-102.5.0-150000.150.65.1 
MozillaFirefox-translations-other-102.5.0-150000.150.65.1 References: https://www.suse.com/security/cve/CVE-2022-45403.html https://www.suse.com/security/cve/CVE-2022-45404.html https://www.suse.com/security/cve/CVE-2022-45405.html https://www.suse.com/security/cve/CVE-2022-45406.html https://www.suse.com/security/cve/CVE-2022-45408.html https://www.suse.com/security/cve/CVE-2022-45409.html https://www.suse.com/security/cve/CVE-2022-45410.html https://www.suse.com/security/cve/CVE-2022-45411.html https://www.suse.com/security/cve/CVE-2022-45412.html https://www.suse.com/security/cve/CVE-2022-45416.html https://www.suse.com/security/cve/CVE-2022-45418.html https://www.suse.com/security/cve/CVE-2022-45420.html https://www.suse.com/security/cve/CVE-2022-45421.html https://bugzilla.suse.com/1205270 From sle-updates at lists.suse.com Fri Nov 18 20:35:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:35:22 +0100 (CET) Subject: SUSE-SU-2022:4080-1: moderate: Security update for java-11-openjdk Message-ID: <20221118203522.D945AF3E2@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4080-1 Rating: moderate References: #1203476 #1204468 #1204471 #1204472 #1204473 #1204475 #1204480 #1204523 Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVSS scores: CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4080=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.17.0-3.49.2 java-11-openjdk-debugsource-11.0.17.0-3.49.2 java-11-openjdk-demo-11.0.17.0-3.49.2 java-11-openjdk-devel-11.0.17.0-3.49.2 java-11-openjdk-headless-11.0.17.0-3.49.2 References: https://www.suse.com/security/cve/CVE-2022-21618.html https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-39399.html https://bugzilla.suse.com/1203476 https://bugzilla.suse.com/1204468 https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204480 https://bugzilla.suse.com/1204523 From sle-updates at lists.suse.com Fri Nov 18 20:36:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:36:41 +0100 (CET) Subject: SUSE-SU-2022:4079-1: moderate: Security update for java-17-openjdk Message-ID: <20221118203641.DD9D2F3E2@maintenance.suse.de> SUSE Security Update: Security update for java-17-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4079-1 Rating: moderate References: #1203476 #1204468 #1204472 #1204473 #1204475 #1204480 Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVSS scores: CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4079=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4079=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.5.0-150400.3.6.1 java-17-openjdk-accessibility-17.0.5.0-150400.3.6.1 java-17-openjdk-accessibility-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-debugsource-17.0.5.0-150400.3.6.1 java-17-openjdk-demo-17.0.5.0-150400.3.6.1 java-17-openjdk-devel-17.0.5.0-150400.3.6.1 java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-headless-17.0.5.0-150400.3.6.1 java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-jmods-17.0.5.0-150400.3.6.1 java-17-openjdk-src-17.0.5.0-150400.3.6.1 - openSUSE Leap 15.4 (noarch): java-17-openjdk-javadoc-17.0.5.0-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.5.0-150400.3.6.1 java-17-openjdk-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-debugsource-17.0.5.0-150400.3.6.1 java-17-openjdk-demo-17.0.5.0-150400.3.6.1 java-17-openjdk-devel-17.0.5.0-150400.3.6.1 java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.6.1 java-17-openjdk-headless-17.0.5.0-150400.3.6.1 java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-21618.html https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-39399.html https://bugzilla.suse.com/1203476 https://bugzilla.suse.com/1204468 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204480 From sle-updates at lists.suse.com Fri Nov 18 20:37:50 2022 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:37:50 +0100 (CET) Subject: SUSE-SU-2022:4113-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <20221118203750.842E1F3E2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4113-1 Rating: important References: #1200058 #1202087 #1202685 #1203613 #1204170 #1204289 #1204381 Cross-References: CVE-2021-33655 CVE-2022-1882 CVE-2022-2588 CVE-2022-2959 CVE-2022-42703 CVE-2022-42722 CVSS scores: CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2959 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2959 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. 
The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4113=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-8-150400.4.21.1 kernel-livepatch-5_14_21-150400_22-default-debuginfo-8-150400.4.21.1 kernel-livepatch-SLE15-SP4_Update_0-debugsource-8-150400.4.21.1 References: https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-1882.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-2959.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1200058 https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1202685 https://bugzilla.suse.com/1203613 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204289 https://bugzilla.suse.com/1204381 From sle-updates at lists.suse.com 
Fri Nov 18 20:39:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Nov 2022 21:39:09 +0100 (CET) Subject: SUSE-SU-2022:4084-1: important: Security update for nodejs16 Message-ID: <20221118203909.927A0F3E2@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4084-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs16 fixes the following issues: - Update to LTS version 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4084=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4084=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs16-16.18.1-150300.7.15.1 nodejs16-debuginfo-16.18.1-150300.7.15.1 nodejs16-debugsource-16.18.1-150300.7.15.1 nodejs16-devel-16.18.1-150300.7.15.1 npm16-16.18.1-150300.7.15.1 - openSUSE Leap 15.3 (noarch): nodejs16-docs-16.18.1-150300.7.15.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs16-16.18.1-150300.7.15.1 nodejs16-debuginfo-16.18.1-150300.7.15.1 nodejs16-debugsource-16.18.1-150300.7.15.1 nodejs16-devel-16.18.1-150300.7.15.1 npm16-16.18.1-150300.7.15.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs16-docs-16.18.1-150300.7.15.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Fri Nov 18 23:23:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 00:23:30 +0100 (CET) Subject: SUSE-SU-2022:4112-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) Message-ID: <20221118232330.54F88F457@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4112-1 Rating: important References: #1202087 #1203613 #1204170 #1204381 Cross-References: CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 CVSS scores: CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_114 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4092=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4093=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4094=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4095=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4096=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4097=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4098=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4086=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4087=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4088=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4089=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4090=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4091=1 SUSE-SLE-Live-Patching-12-SP5-2022-4111=1 SUSE-SLE-Live-Patching-12-SP5-2022-4112=1 SUSE-SLE-Live-Patching-12-SP5-2022-4119=1 SUSE-SLE-Live-Patching-12-SP5-2022-4120=1 SUSE-SLE-Live-Patching-12-SP5-2022-4121=1 SUSE-SLE-Live-Patching-12-SP5-2022-4122=1 SUSE-SLE-Live-Patching-12-SP5-2022-4123=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4114=1 SUSE-SLE-Live-Patching-12-SP4-2022-4115=1 SUSE-SLE-Live-Patching-12-SP4-2022-4116=1 SUSE-SLE-Live-Patching-12-SP4-2022-4117=1 SUSE-SLE-Live-Patching-12-SP4-2022-4118=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-10-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-10-150200.2.2 kernel-livepatch-5_3_18-150200_24_115-default-8-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-8-150200.2.1 kernel-livepatch-5_3_18-24_102-default-15-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_107-default-14-150200.2.2 
kernel-livepatch-5_3_18-24_107-default-debuginfo-14-150200.2.2 kernel-livepatch-5_3_18-24_93-default-18-150200.2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-18-150200.2.2 kernel-livepatch-5_3_18-24_96-default-17-150200.2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-17-150200.2.2 kernel-livepatch-5_3_18-24_99-default-16-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-18-150200.2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-10-150200.2.2 kernel-livepatch-SLE15-SP2_Update_27-debugsource-8-150200.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-14-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-9-150100.2.2 kernel-livepatch-4_12_14-150100_197_114-default-6-150100.2.1 kernel-livepatch-4_12_14-197_102-default-15-150100.2.2 kernel-livepatch-4_12_14-197_105-default-11-150100.2.2 kernel-livepatch-4_12_14-197_108-default-10-150100.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-16-2.2 kgraft-patch-4_12_14-122_106-default-14-2.2 kgraft-patch-4_12_14-122_110-default-12-2.2 kgraft-patch-4_12_14-122_113-default-11-2.2 kgraft-patch-4_12_14-122_116-default-9-2.2 kgraft-patch-4_12_14-122_121-default-7-2.2 kgraft-patch-4_12_14-122_124-default-6-2.1 kgraft-patch-4_12_14-122_98-default-16-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_83-default-15-2.2 kgraft-patch-4_12_14-95_88-default-11-2.2 kgraft-patch-4_12_14-95_93-default-10-2.2 kgraft-patch-4_12_14-95_96-default-9-2.2 kgraft-patch-4_12_14-95_99-default-6-2.1 References: 
https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-42703.html https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1203613 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204381 From sle-updates at lists.suse.com Fri Nov 18 23:25:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 00:25:51 +0100 (CET) Subject: SUSE-SU-2022:4129-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15) Message-ID: <20221118232551.8F90FF457@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4129-1 Rating: important References: #1201742 #1201752 #1202087 #1203613 #1204170 #1204381 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and 
has one errata is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_92 fixes several issues. The following security issues were fixed: - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4125=1 SUSE-SLE-Module-Live-Patching-15-2022-4126=1 SUSE-SLE-Module-Live-Patching-15-2022-4127=1 SUSE-SLE-Module-Live-Patching-15-2022-4128=1 SUSE-SLE-Module-Live-Patching-15-2022-4129=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-9-150000.2.2 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-9-150000.2.2 kernel-livepatch-4_12_14-150000_150_92-default-6-150000.2.1 kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-6-150000.2.1 kernel-livepatch-4_12_14-150_78-default-15-150000.2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-15-150000.2.2 kernel-livepatch-4_12_14-150_83-default-11-150000.2.2 kernel-livepatch-4_12_14-150_83-default-debuginfo-11-150000.2.2 kernel-livepatch-4_12_14-150_86-default-10-150000.2.2 
kernel-livepatch-4_12_14-150_86-default-debuginfo-10-150000.2.2 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-42703.html https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1203613 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204381 From sle-updates at lists.suse.com Fri Nov 18 23:27:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 00:27:17 +0100 (CET) Subject: SUSE-SU-2022:4130-1: important: Security update for frr Message-ID: <20221118232718.06D86F457@maintenance.suse.de> SUSE Security Update: Security update for frr ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4130-1 Rating: important References: #1202085 #1204124 Cross-References: CVE-2022-37035 CVE-2022-42917 CVSS scores: CVE-2022-37035 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37035 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for frr fixes the following issues: - CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085). - CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4130=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4130=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4130=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4130=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.10.1 frr-debuginfo-7.4-150300.4.10.1 frr-debugsource-7.4-150300.4.10.1 frr-devel-7.4-150300.4.10.1 libfrr0-7.4-150300.4.10.1 libfrr0-debuginfo-7.4-150300.4.10.1 libfrr_pb0-7.4-150300.4.10.1 libfrr_pb0-debuginfo-7.4-150300.4.10.1 libfrrcares0-7.4-150300.4.10.1 libfrrcares0-debuginfo-7.4-150300.4.10.1 libfrrfpm_pb0-7.4-150300.4.10.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1 libfrrgrpc_pb0-7.4-150300.4.10.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1 libfrrospfapiclient0-7.4-150300.4.10.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1 libfrrsnmp0-7.4-150300.4.10.1 libfrrsnmp0-debuginfo-7.4-150300.4.10.1 libfrrzmq0-7.4-150300.4.10.1 libfrrzmq0-debuginfo-7.4-150300.4.10.1 libmlag_pb0-7.4-150300.4.10.1 libmlag_pb0-debuginfo-7.4-150300.4.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.10.1 
frr-debuginfo-7.4-150300.4.10.1 frr-debugsource-7.4-150300.4.10.1 frr-devel-7.4-150300.4.10.1 libfrr0-7.4-150300.4.10.1 libfrr0-debuginfo-7.4-150300.4.10.1 libfrr_pb0-7.4-150300.4.10.1 libfrr_pb0-debuginfo-7.4-150300.4.10.1 libfrrcares0-7.4-150300.4.10.1 libfrrcares0-debuginfo-7.4-150300.4.10.1 libfrrfpm_pb0-7.4-150300.4.10.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1 libfrrgrpc_pb0-7.4-150300.4.10.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1 libfrrospfapiclient0-7.4-150300.4.10.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1 libfrrsnmp0-7.4-150300.4.10.1 libfrrsnmp0-debuginfo-7.4-150300.4.10.1 libfrrzmq0-7.4-150300.4.10.1 libfrrzmq0-debuginfo-7.4-150300.4.10.1 libmlag_pb0-7.4-150300.4.10.1 libmlag_pb0-debuginfo-7.4-150300.4.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.10.1 frr-debuginfo-7.4-150300.4.10.1 frr-debugsource-7.4-150300.4.10.1 frr-devel-7.4-150300.4.10.1 libfrr0-7.4-150300.4.10.1 libfrr0-debuginfo-7.4-150300.4.10.1 libfrr_pb0-7.4-150300.4.10.1 libfrr_pb0-debuginfo-7.4-150300.4.10.1 libfrrcares0-7.4-150300.4.10.1 libfrrcares0-debuginfo-7.4-150300.4.10.1 libfrrfpm_pb0-7.4-150300.4.10.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1 libfrrgrpc_pb0-7.4-150300.4.10.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1 libfrrospfapiclient0-7.4-150300.4.10.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1 libfrrsnmp0-7.4-150300.4.10.1 libfrrsnmp0-debuginfo-7.4-150300.4.10.1 libfrrzmq0-7.4-150300.4.10.1 libfrrzmq0-debuginfo-7.4-150300.4.10.1 libmlag_pb0-7.4-150300.4.10.1 libmlag_pb0-debuginfo-7.4-150300.4.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.10.1 frr-debuginfo-7.4-150300.4.10.1 frr-debugsource-7.4-150300.4.10.1 frr-devel-7.4-150300.4.10.1 libfrr0-7.4-150300.4.10.1 libfrr0-debuginfo-7.4-150300.4.10.1 libfrr_pb0-7.4-150300.4.10.1 libfrr_pb0-debuginfo-7.4-150300.4.10.1 libfrrcares0-7.4-150300.4.10.1 
libfrrcares0-debuginfo-7.4-150300.4.10.1 libfrrfpm_pb0-7.4-150300.4.10.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1 libfrrgrpc_pb0-7.4-150300.4.10.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1 libfrrospfapiclient0-7.4-150300.4.10.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1 libfrrsnmp0-7.4-150300.4.10.1 libfrrsnmp0-debuginfo-7.4-150300.4.10.1 libfrrzmq0-7.4-150300.4.10.1 libfrrzmq0-debuginfo-7.4-150300.4.10.1 libmlag_pb0-7.4-150300.4.10.1 libmlag_pb0-debuginfo-7.4-150300.4.10.1 References: https://www.suse.com/security/cve/CVE-2022-37035.html https://www.suse.com/security/cve/CVE-2022-42917.html https://bugzilla.suse.com/1202085 https://bugzilla.suse.com/1204124 From sle-updates at lists.suse.com Fri Nov 18 23:28:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 00:28:16 +0100 (CET) Subject: SUSE-SU-2022:4124-1: Security update for 389-ds Message-ID: <20221118232816.BDA1BF457@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4124-1 Rating: low References: #1194119 #1204493 #1204748 #1205146 Cross-References: CVE-2021-45710 CVSS scores: CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. 
Description: This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Update to version 2.0.16~git56.d15a0a7. - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). - Resolve issue with checklist post migration when dds is present (bsc#1204748). - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4124=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4124=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-debugsource-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-snmp-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1 lib389-1.4.4.19~git59.136fc84-150300.3.27.1 libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1 libsvrcore0-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-debugsource-1.4.4.19~git59.136fc84-150300.3.27.1 389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1 lib389-1.4.4.19~git59.136fc84-150300.3.27.1 libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1 libsvrcore0-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1 References: https://www.suse.com/security/cve/CVE-2021-45710.html https://bugzilla.suse.com/1194119 https://bugzilla.suse.com/1204493 
https://bugzilla.suse.com/1204748 https://bugzilla.suse.com/1205146 From sle-updates at lists.suse.com Sat Nov 19 08:27:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:27:27 +0100 (CET) Subject: SUSE-CU-2022:3036-1: Security update of bci/dotnet-aspnet Message-ID: <20221119082727.2573BF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3036-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.32 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.32 Container Release : 42.32 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:29:23 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:29:23 +0100 (CET) Subject: SUSE-CU-2022:3037-1: Security update of bci/dotnet-aspnet Message-ID: <20221119082923.A97A5F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3037-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.47 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.47 Container Release : 27.47 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:31:32 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:31:32 +0100 (CET) Subject: SUSE-CU-2022:3038-1: Security update of bci/dotnet-aspnet Message-ID: <20221119083132.1B97FF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3038-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.47 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.47 Container Release : 22.47 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:33:51 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:33:51 +0100 (CET) Subject: SUSE-CU-2022:3039-1: Security update of bci/dotnet-sdk Message-ID: <20221119083351.E1CA2F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3039-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.30 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.30 Container Release : 47.30 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:36:05 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:36:05 +0100 (CET) Subject: SUSE-CU-2022:3040-1: Security update of bci/dotnet-sdk Message-ID: <20221119083605.867F7F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3040-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.46 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.46 Container Release : 24.46 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:38:15 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:38:15 +0100 (CET) Subject: SUSE-CU-2022:3041-1: Security update of bci/dotnet-runtime Message-ID: <20221119083815.AB204F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3041-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.30 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.30 Container Release : 48.30 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:40:09 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:40:09 +0100 (CET) Subject: SUSE-CU-2022:3042-1: Security update of bci/dotnet-runtime Message-ID: <20221119084009.22BD5F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3042-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.46 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.46 Container Release : 34.46 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:41:57 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:41:57 +0100 (CET) Subject: SUSE-CU-2022:3043-1: Security update of bci/dotnet-runtime Message-ID: <20221119084157.125BBF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3043-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.46 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.46 Container Release : 21.46 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:44:59 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:44:59 +0100 (CET) Subject: SUSE-CU-2022:3044-1: Security update of bci/golang Message-ID: <20221119084459.C9086F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3044-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.88 Container Release : 30.88 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:46:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:46:14 +0100 (CET) Subject: SUSE-CU-2022:3045-1: Security update of bci/nodejs Message-ID: <20221119084614.28454F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3045-1 Container Tags : bci/node:16 , bci/node:16-11.31 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.31 , bci/nodejs:latest Container Release : 11.31 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205119 1205156 CVE-2022-1664 CVE-2022-3821 CVE-2022-43548 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4003-1 Released: Tue Nov 15 17:09:53 2022 Summary: Security update for nodejs16 Type: security Severity: important References: 1205119,CVE-2022-43548 This update for nodejs16 fixes the following issues: - Update to LTS version 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine
transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - nodejs16-16.18.1-150400.3.12.1 updated - npm16-16.18.1-150400.3.12.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:49:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:49:18 +0100 (CET) Subject: SUSE-CU-2022:3046-1: Security update of bci/openjdk Message-ID: <20221119084918.031CFF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3046-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.33 , bci/openjdk:latest Container Release : 32.33 Severity : important Type : security References : 1177460 1199944 1202324 1203476 1204468 1204471 1204472 1204473 1204475 1204480 1204523 1204649 1205156 CVE-2022-1664 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4078-1 Released: Fri Nov 18 15:34:17 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1203476,1204468,1204471,1204472,1204473,1204475,1204480,1204523,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) 
- CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - java-11-openjdk-headless-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-11.0.17.0-150000.3.86.2 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:51:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:51:54 +0100 (CET) Subject: SUSE-CU-2022:3047-1: Security update of suse/pcp Message-ID: <20221119085154.2579AF3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3047-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.74 , suse/pcp:latest Container Release : 11.74 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:bci-bci-init-15.4-15.4-24.33 updated From sle-updates at lists.suse.com Sat Nov 19 08:53:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:53:26 +0100 (CET) Subject: SUSE-CU-2022:3048-1: Security update of bci/python Message-ID: <20221119085326.8713CF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3048-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.31 , bci/python:latest Container Release : 7.31 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204886 1204968 1205156 1205244 CVE-2022-1664 CVE-2022-3821 CVE-2022-42919 CVE-2022-45061 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4004-1 Released: Tue Nov 15 17:10:13 2022 Summary: Security update for python310 Type: security Severity: important References: 1204886,1205244,CVE-2022-42919,CVE-2022-45061 This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. 
Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now releases the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in object.__getattribute__(). - bpo-42316: Document some places where an assignment expression needs parentheses. - Wrap network errors consistently in urllib FTP support, so the test suite doesn't fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed.
- Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments "name" and "variable" are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don't call the previous signal handler if it's NULL. - In inspect, fix overeager replacement of "typing." in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it's not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being "safe"
for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libpython3_10-1_0-3.10.8-150400.4.15.1 updated - python310-base-3.10.8-150400.4.15.1 updated - python310-3.10.8-150400.4.15.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:55:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:55:22 +0100 (CET) Subject: SUSE-CU-2022:3049-1: Security update of bci/python Message-ID: <20221119085522.D92A1F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3049-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.31 Container Release : 30.31 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 08:58:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 09:58:27 +0100 (CET) Subject: SUSE-CU-2022:3050-1: Security update of bci/ruby Message-ID: <20221119085827.EDB5FF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3050-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.28 , bci/ruby:latest Container Release : 31.28 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 09:00:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 10:00:26 +0100 (CET) Subject: SUSE-CU-2022:3051-1: Security update of bci/rust Message-ID: <20221119090026.78293F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3051-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.95 Container Release : 9.95 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 09:01:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 10:01:18 +0100 (CET) Subject: SUSE-CU-2022:3052-1: Security update of bci/rust Message-ID: <20221119090118.1F146F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3052-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.11 Container Release : 4.11 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sat Nov 19 09:03:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 10:03:05 +0100 (CET) Subject: SUSE-CU-2022:3053-1: Security update of suse/sle15 Message-ID: <20221119090305.B2DF3F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3053-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.16 , suse/sle15:15.4 , suse/sle15:15.4.27.14.16 Container Release : 27.14.16 Severity : important Type : security References : 1177460 1201590 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 
(bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - libudev1-249.12-150400.8.13.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - timezone-2022f-150000.75.15.1 updated From sle-updates at lists.suse.com Sat Nov 19 14:18:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Nov 2022 15:18:34 +0100 (CET) Subject: SUSE-RU-2022:4131-1: moderate: Recommended update for rust, rust1.65 Message-ID: <20221119141834.74F82F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.65 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4131-1 Rating: moderate References: #1196328 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for rust, rust1.65 fixes the following issues: This update provides rust1.65 (jsc#SLE-18626) Version 1.65.0 (2022-11-03) ========================== Language -------- - Error on `as` casts of enums with `#[non_exhaustive]` variants - Stabilize `let else` - Stabilize generic associated types (GATs) - Add lints `let_underscore_drop`, `let_underscore_lock`, and `let_underscore_must_use` from Clippy - Stabilize `break`ing from arbitrary labeled blocks ("label-break-value") - Uninitialized integers, floats, and raw pointers are now considered immediate UB. Usage of `MaybeUninit` is the correct way to work with uninitialized memory. - Stabilize raw-dylib for Windows x86_64, aarch64, and thumbv7a - Do not allow `Drop` impl on foreign ADTs Compiler -------- - Stabilize -Csplit-debuginfo on Linux - Use niche-filling optimization even when multiple variants have data - Associated type projections are now verified to be well-formed prior to resolving the underlying type - Stringify non-shorthand visibility correctly - Normalize struct field types when unsizing - Update to LLVM 15 - Fix aarch64 call abi to correctly zeroext when needed - debuginfo: Generalize C++-like encoding for enums - Add `special_module_name` lint - Add support for generating unique profraw files by default when using `-C instrument-coverage` - Allow dynamic linking for iOS/tvOS targets Libraries --------- - Don't generate `PartialEq::ne` in derive(PartialEq) - Windows RNG: Use `BCRYPT_RNG_ALG_HANDLE` by default - Forbid mixing `System` with direct system allocator calls - Document no support for writing to non-blocking stdio/stderr - `std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`. 
Stabilized APIs --------------- - `std::backtrace::Backtrace` - `Bound::as_ref` - `std::io::read_to_string` - `<*const T>::cast_mut` - `<*mut T>::cast_const` These APIs are now stable in const contexts: - `<*const T>::offset_from` - `<*mut T>::offset_from` Cargo ----- - Apply GitHub fast path even for partial hashes - Do not add home bin path to PATH if it's already there - Take priority into account within the pending queue This slightly optimizes job scheduling by Cargo, with typically small improvements on larger crate graph builds. Compatibility Notes ------------------- - `std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`. - `PollFn` now only implements `Unpin` if the closure is `Unpin` This is a possible breaking change if users were relying on the blanket unpin implementation. See discussion on the PR for details of why this change was made. - Drop ExactSizeIterator impl from std::char::EscapeAscii This is a backwards-incompatible change to the standard library's surface area, but is unlikely to affect real world usage. - Do not consider a single repeated lifetime eligible for elision in the return type This behavior was unintentionally changed in 1.64.0, and this release reverts that change by making this an error again. - Reenable disabled early syntax gates as future-incompatibility lints - Update the minimum external LLVM to 13 - Don't duplicate file descriptors into stdio fds - Sunset RLS - Deny usage of `#![cfg_attr(..., crate_type = ...)]` to set the crate type This strengthens the forward compatibility lint deprecated_cfg_attr_crate_type_name to deny. - `llvm-has-rust-patches` allows setting the build system to treat the LLVM as having Rust-specific patches This option may need to be set for distributions that are building Rust with a patched LLVM via `llvm-config`, not the built-in LLVM. 
Changes in rust: - Update to version 1.65.0 - for details see the rust1.65 package - Enable armv6 again - bsc#1196328 This update also ships "cargo-auditable", a tool to embed crate information into ELF binaries. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4131=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4131=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4131=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4131=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.65.0-150300.21.38.1 cargo-auditable-0.5.2~0-150300.7.3.1 cargo-auditable-debuginfo-0.5.2~0-150300.7.3.1 cargo-auditable-debugsource-0.5.2~0-150300.7.3.1 cargo1.65-1.65.0-150300.7.3.1 cargo1.65-debuginfo-1.65.0-150300.7.3.1 rust-1.65.0-150300.21.38.1 rust1.65-1.65.0-150300.7.3.1 rust1.65-debuginfo-1.65.0-150300.7.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cargo-1.65.0-150300.21.38.1 cargo-auditable-0.5.2~0-150300.7.3.1 cargo-auditable-debuginfo-0.5.2~0-150300.7.3.1 cargo-auditable-debugsource-0.5.2~0-150300.7.3.1 cargo1.65-1.65.0-150300.7.3.1 cargo1.65-debuginfo-1.65.0-150300.7.3.1 rust-1.65.0-150300.21.38.1 rust1.65-1.65.0-150300.7.3.1 rust1.65-debuginfo-1.65.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.65.0-150300.21.38.1 cargo-auditable-0.5.2~0-150300.7.3.1 cargo-auditable-debuginfo-0.5.2~0-150300.7.3.1 cargo-auditable-debugsource-0.5.2~0-150300.7.3.1 cargo1.65-1.65.0-150300.7.3.1 cargo1.65-debuginfo-1.65.0-150300.7.3.1 rust-1.65.0-150300.21.38.1 rust1.65-1.65.0-150300.7.3.1 
rust1.65-debuginfo-1.65.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.65.0-150300.21.38.1 cargo-auditable-0.5.2~0-150300.7.3.1 cargo-auditable-debuginfo-0.5.2~0-150300.7.3.1 cargo-auditable-debugsource-0.5.2~0-150300.7.3.1 cargo1.65-1.65.0-150300.7.3.1 cargo1.65-debuginfo-1.65.0-150300.7.3.1 rust-1.65.0-150300.21.38.1 rust1.65-1.65.0-150300.7.3.1 rust1.65-debuginfo-1.65.0-150300.7.3.1 References: https://bugzilla.suse.com/1196328 From sle-updates at lists.suse.com Sun Nov 20 08:02:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:02:00 +0100 (CET) Subject: SUSE-IU-2022:1124-1: Security update of sles-15-sp4-chost-byos-v20221118-x86-64 Message-ID: <20221120080200.D67CEF3CC@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20221118-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1124-1 Image Tags : sles-15-sp4-chost-byos-v20221118-x86-64:20221118 Image Release : Severity : critical Type : security References : 1027519 1027519 1065729 1071995 1087072 1121365 1152472 1152489 1167608 1177460 1177578 1180995 1185032 1187312 1188238 1190497 1190651 1190651 1190653 1190888 1192439 1193859 1193923 1194023 1194047 1194530 1194869 1194869 1195917 1196018 1196444 1196632 1196668 1196869 1197659 1198189 1198471 1198472 1199062 1199856 1199904 1199944 1200022 1200288 1200567 1200622 1200692 1200788 1201051 1201293 1201309 1201310 1201361 1201590 1201631 1201689 1201959 1201987 1201994 1202021 1202095 1202146 1202148 1202148 1202187 1202324 1202344 1202627 1202686 1202700 1202821 1202914 1202960 1202981 1203039 1203046 1203066 1203069 1203098 1203101 1203197 1203229 1203250 1203263 1203290 1203299 1203338 1203360 1203361 1203389 1203410 1203435 1203505 1203514 1203552 1203614 1203618 1203619 1203620 1203652 1203664 1203681 1203693 1203699 1203699 1203767 1203767 1203769 1203770 
1203779 1203794 1203798 1203802 1203806 1203806 1203807 1203807 1203893 1203902 1203906 1203908 1203911 1203922 1203935 1203939 1203987 1203992 1204017 1204051 1204059 1204060 1204111 1204112 1204113 1204125 1204142 1204166 1204168 1204171 1204179 1204211 1204241 1204244 1204256 1204353 1204354 1204355 1204357 1204366 1204367 1204383 1204386 1204402 1204413 1204415 1204417 1204428 1204431 1204439 1204470 1204479 1204482 1204483 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204498 1204533 1204569 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204650 1204653 1204690 1204693 1204705 1204708 1204719 1204728 1204753 1204868 1204926 1204933 1204934 1204947 1204957 1204963 1204968 1204970 1204986 1205156 CVE-2021-22569 CVE-2021-46848 CVE-2022-1263 CVE-2022-1664 CVE-2022-1882 CVE-2022-1941 CVE-2022-2153 CVE-2022-2586 CVE-2022-2795 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3080 CVE-2022-3169 CVE-2022-3171 CVE-2022-3202 CVE-2022-32221 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33746 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-33748 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40476 CVE-2022-40768 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 
CVE-2022-42916 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20221118-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3678-1 Released: Thu Oct 20 14:38:19 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1187312,1201051,1202981 This update for kdump fixes the following issues: - Fix broken URL in manpage (bsc#1187312) - Fix network-related dracut options handling for fadump case (bsc#1201051) - use inst_binary to install kdump-save (bsc#1202981) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3727-1 Released: Tue Oct 25 15:38:34 2022 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1167608,1201631,1201994,1203806,1203807,CVE-2022-33746,CVE-2022-33748 This update for xen fixes the following issues: Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). Bugfixes: - Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3767-1 Released: Wed Oct 26 11:49:43 2022 Summary: Recommended update for bind Type: security Severity: important References: 1201689,1203250,1203614,1203618,1203619,1203620,CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178 This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689). - Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250). 
- Feature Changes:
  - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL.
  - Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly.
  - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
  - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system.
  - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed.
  - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed.
  - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated.
  - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released:    Wed Oct 26 18:03:28 2022
Summary:     Security update for libtasn1
Type:        security
Severity:    critical
References:  1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released:    Wed Oct 26 20:20:19 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released:    Thu Oct 27 04:41:09 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3799-1
Released:    Thu Oct 27 14:59:06 2022
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    important
References:  1202146,1203779

This update for gnutls fixes the following issues:

- FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
- FIPS: Make XTS key check failure not fatal (bsc#1203779)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released:    Thu Oct 27 17:21:11 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3812-1
Released:    Mon Oct 31 09:44:26 2022
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1177578

This update for sudo fixes the following issues:

- Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3844-1
Released:    Tue Nov 1 18:20:11 2022
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

The SUSE Linux Enterprise 15 SP4 kernel was updated.

The following security bugs were fixed:

- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-1263: Fixed a NULL pointer dereference issue in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
- CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)

The following non-security bugs were fixed:

- ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767).
- ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
- ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
- ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: core: Fix double-free at snd_card_new() (git-fixes).
- ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
- ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
- ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
- ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699).
- ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
- ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699).
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699).
- ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699).
- ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
- ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699).
- ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
- ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
- ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699).
- ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
- ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
- ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699).
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699).
- ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
- ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699).
- ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699).
- ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
- ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699).
- ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
- ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699).
- ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
- ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
- ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699).
- ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699).
- ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699).
- ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699).
- ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
- ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699).
- ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699).
- ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
- ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699).
- ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
- ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699).
- ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699).
- ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699).
- ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
- ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699).
- ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
- ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699).
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
- ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
- ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
- ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
- ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
- ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
- ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes).
- ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
- ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699).
- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
- ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
- ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699).
- ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699).
- ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699).
- ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699).
- ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699).
- ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699).
- ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes).
- ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699).
- ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
- ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699).
- ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699).
- ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699).
- ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
- ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699).
- ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/tegra: set depop delay for tegra (git-fixes).
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
- ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
- arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
- arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes).
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
  Enable this errata fix configuration option to arm64/default.
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
- arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
- ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
- ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
- ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
- ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
- ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
- ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699).
- ASoC: cs35l41: Binding fixes (bsc#1203699).
- ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
- ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
- ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
- ASoC: cs35l41: Correct DSP power down (bsc#1203699).
- ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699).
- ASoC: cs35l41: Correct some control names (bsc#1203699).
- ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699).
- ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
- ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
- ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
- ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
- ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699).
- ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
- ASoC: cs35l41: DSP Support (bsc#1203699).
- ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699).
- ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699).
- ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699).
- ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699).
- ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
- ASoC: cs35l41: Fix link problem (bsc#1203699).
- ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
- ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
- ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
- ASoC: cs35l41: Fixup the error messages (bsc#1203699).
- ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
- ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699).
- ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
- ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699).
- ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
- ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
- ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
- ASoC: cs35l41: Support external boost (bsc#1203699).
- ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
- ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699).
- ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
- ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699).
- ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699).
- ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699).
- ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699).
- ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
- ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699).
- ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699).
- ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699).
- ASoC: cs42l42: Handle system suspend (bsc#1203699).
- ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
- ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
- ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699).
- ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699).
- ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes).
- ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699).
- ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699).
- ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699).
- ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699).
- ASoC: cs42l42: Report initial jack state (bsc#1203699).
- ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699).
- ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
- ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
- ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
- ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699).
- ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
- ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
- ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: qcom: sm8250: add missing module owner (git-fixes).
- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699).
- ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
- ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
- ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699).
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699).
- ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
- ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
- ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
- ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
- ASoC: wm_adsp: Move check for control existence (bsc#1203699).
- ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
- ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
- ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699).
- ASoC: wm_adsp: remove a repeated including (bsc#1203699).
- ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
- ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
- ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
- ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
- ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
- ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
- ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699).
- ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699).
- ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699).
- ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699).
- batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- bnx2x: fix built-in kernel driver load failure (git-fixes).
- bnx2x: fix driver load from initrd (git-fixes).
- btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360).
- btrfs: fix space cache corruption and potential double allocations (bsc#1203361).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
- cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
- clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
- dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
- dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664).
- dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
- dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
- dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes).
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
- dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682).
- dmaengine: idxd: int handle management refactoring (jsc#PED-682).
- dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes).
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
- dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
- dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes).
- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes).
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
- drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
- drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes).
- EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- efi: libstub: Disable struct randomization (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- eth: sun: cassini: remove dead code (git-fixes).
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)
  Backporting changes:
  * context fixes in other patch
  * update config
- fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699).
- firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699).
- firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
- firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
- firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
- firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
- firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699).
- firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
- firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
- firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
- firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699).
- firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699).
- firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699).
- firmware: cs_dsp: Print messages from bin files (bsc#1203699).
- firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203798).
- gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes).
- gpio: mockup: remove gpio debugfs when remove device (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
- hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes).
- hwmon: (mr75203) fix voltage equation for negative source input (git-fixes).
- hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
- hwmon: (tps23861) fix byte order in resistance register (git-fixes).
- i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes).
- i2c: mlxbf: Fix frequency calculation (git-fixes).
- i2c: mlxbf: incorrect base address passed during io write (git-fixes).
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- ice: Allow operation with reduced device MSI-X (bsc#1201987).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
- ice: fix crash when writing timestamp on RX rings (git-fixes).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
- ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes).
- ice: Fix race during aux device (un)plugging (git-fixes).
- ice: Match on all profiles in slow-path (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- Input: goodix - add compatible string for GT1158 (git-fixes).
- Input: goodix - add support for GT1158 (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- kABI workaround for spi changes (bsc#1203699).
- kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
- kABI: fix adding another field to scsi_device (bsc#1203039).
- kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
- kbuild: disable header exports for UML in a straightforward way (git-fixes).
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
- KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes).
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lockd: detect and reject lock arguments that overflow (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
- media: flexcop-usb: fix endpoint type check (git-fixes).
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- media: imx-jpeg: Correct some definition according specification (git-fixes).
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
- media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
- media: vsp1: Fix offset calculation for plane cropping.
- misc: cs35l41: Remove unused pdn variable (bsc#1203699).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mlxsw: i2c: Fix initialization error flow (git-fixes).
- mm: Fix PASID use-after-free issue (bsc#1203908).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
- net: axienet: fix RX ring refill allocation failure handling (git-fixes).
- net: axienet: reset core on initialization prior to MDIO access (git-fixes).
- net: bcmgenet: hide status block before TX timestamping (git-fixes).
- net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
- net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
- net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
- net: dsa: microchip: fix bridging with more than two member ports (git-fixes).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes).
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
- net: emaclite: Add error handling for of_address_to_resource() (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes).
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: Report RDMA connection errors to the server (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: Fix memory leak in usbnet_disconnect() (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814).
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814).
- x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814).
- x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen-blkback: Advertise feature-persistent as user requested (git-fixes).
- xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkback: fix persistent grants negotiation (git-fixes).
- xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
- xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkfront: Cache feature_persistent value before advertisement (git-fixes).
- xen-blkfront: Handle NULL gendisk (git-fixes).
- xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes).
- xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
- xhci: Allocate separate command structures for each LPM command (git-fixes).
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3845-1 Released: Wed Nov 2 07:22:59 2022 Summary: Feature update for grub2 Type: feature Severity: important References: 1196668,1201361 This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3885-1 Released: Mon Nov 7 11:32:04 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1203299 This update for gnutls fixes the following issues: - Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the verzoupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3900-1 Released: Tue Nov 8 10:47:55 2022 Summary: Recommended update for docker Type: recommended Severity: moderate References: 1200022 This update for docker fixes the following issues: - Fix a crash-on-start issue with dockerd (bsc#1200022) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3927-1
Released: Wed Nov 9 14:55:47 2022
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1202021,1202821

This update for runc fixes the following issues:

- Update to runc v1.1.4 (bsc#1202021)
- Fix failed exec after systemctl daemon-reload (bsc#1202821)
- Fix mounting via wrong proc
- Fix 'permission denied' error from runc run on noexec filesystem

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4001-1
Released: Tue Nov 15 17:08:52 2022
Summary: Security update for sudo
Type: security
Severity: important
References: 1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4007-1
Released: Wed Nov 16 09:12:44 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4019-1
Released: Wed Nov 16 15:44:20 2022
Summary: Recommended update for apparmor
Type: recommended
Severity: low
References: 1202344

This update for apparmor fixes the following issues:

- profiles: permit php-fpm pid files directly under run/ (bsc#1202344)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released: Wed Nov 16 15:45:13 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl setting work (bsc#1199856)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4041-1
Released: Thu Nov 17 04:55:47 2022
Summary: Recommended update for libuv
Type: recommended
Severity: moderate
References: 1199062

This update for libuv fixes the following issues:

- Remove epoll syscall wrappers. (bsc#1199062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590

This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4072-1
Released: Fri Nov 18 13:36:05 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-3169: Fixed a denial of service through request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435).
- CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

- acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- acpi: extlog: Handle multiple records (git-fixes).
- acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes).
- acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- acpi: video: Make backlight class device registration a separate step (v2) (git-fixes).
- acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes).
- alsa: Use del_timer_sync() before freeing timer (git-fixes).
- alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- alsa: aoa: Fix I2S device accounting (git-fixes).
- alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- alsa: au88x0: use explicitly signed char (git-fixes).
- alsa: dmaengine: increment buffer pointer atomically (git-fixes).
- alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699).
- alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes).
- alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes).
- alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes).
- alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699).
- alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922).
- alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- alsa: hda: Fix position reporting on Poulsbo (git-fixes).
- alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699).
- alsa: hda: cs35l41: Support System Suspend (bsc#1203699).
- alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699).
- alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699).
- alsa: hiface: fix repeated words in comments (git-fixes).
- alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes).
- alsa: line6: remove line6_set_raw declaration (git-fixes).
- alsa: oss: Fix potential deadlock at unregistration (git-fixes).
- alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- alsa: rme9652: use explicitly signed char (git-fixes).
- alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
- alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes).
- alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
- alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
- alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
- alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
- alsa: usb-audio: Fix NULL dererence at error path (git-fixes).
- alsa: usb-audio: Fix last interface check for registration (git-fixes).
- alsa: usb-audio: Fix potential memory leaks (git-fixes).
- alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
- alsa: usb-audio: Register card at the last interface (git-fixes).
- alsa: usb-audio: make read-only array marker static const (git-fixes).
- alsa: usb-audio: remove redundant assignment to variable c (git-fixes).
- alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes).
- alsa: usb/6fire: fix repeated words in comments (git-fixes).
- arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes)
- arm64/mm: Consolidate TCR_EL1 fields (git-fixes).
- arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes).
- arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes).
- arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
- arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
- arm64: ftrace: fix module PLTs with mcount (git-fixes).
- arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes).
- arm64: topology: move store_cpu_topology() to shared code (git-fixes).
- arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes).
- arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes).
- arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes).
- arm: Drop CMDLINE_* dependency on ATAGS (git-fixes).
- arm: decompressor: Include .data.rel.ro.local (git-fixes).
- arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
- arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
- arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
- arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
- arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
- arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
- arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
- arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes).
- arm: dts: imx6dl: add missing properties for sram (git-fixes).
- arm: dts: imx6q: add missing properties for sram (git-fixes).
- arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
- arm: dts: imx6qp: add missing properties for sram (git-fixes).
- arm: dts: imx6sl: add missing properties for sram (git-fixes).
- arm: dts: imx6sll: add missing properties for sram (git-fixes).
- arm: dts: imx6sx: add missing properties for sram (git-fixes).
- arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes).
- arm: dts: integrator: Tag PCI host with device_type (git-fixes).
- arm: dts: kirkwood: lsxl: fix serial line (git-fixes).
- arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
- arm: dts: turris-omnia: Add label for wan port (git-fixes).
- arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
- asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes).
- asoc: codecs: tx-macro: fix kcontrol put (git-fixes).
- asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
- asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes).
- asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes).
- asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes).
- asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- asoc: tas2764: Allow mono streams (git-fixes).
- asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
- asoc: tas2764: Fix mute/unmute (git-fixes).
- asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- asoc: wm_adsp: Handle optional legacy support (git-fixes).
- ata: ahci-imx: Fix MODULE_ALIAS (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- bluetooth: L2CAP: Fix user-after-free (git-fixes).
- bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes).
- bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes).
- bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
- bnxt_en: Fix bnxt_refclk_read() (git-fixes).
- bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes).
- bnxt_en: fix livepatch query (git-fixes).
- bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
- bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes).
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes).
- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: ast2600: BCLK comes from EPLL (git-fixes).
- clk: at91: fix the build with binutils 2.27 (git-fixes).
- clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
- clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
- clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: Round UART input clock up (bsc#1188238)
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: bcm: rpi: Add support for VEC clock (bsc#1196632)
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: meson: Hold reference returned by of_get_parent() (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- cpufreq: qcom: fix memory leak in error path (git-fixes).
- cpufreq: qcom: fix writes in read-only memory region (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- crypto: inside-secure - Change swab to swab32 (git-fixes).
- crypto: inside-secure - Replace generic aes with libaes (git-fixes).
- crypto: marvell/octeontx - prevent integer overflows (git-fixes).
- crypto: qat - fix default value of WDT timer (git-fixes).
- crypto: sahara - do not sleep when in softirq (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
- dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
- dmaengine: hisilicon: Fix CQ head update (git-fixes).
- dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679).
- dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679).
- dmaengine: idxd: force wq context cleanup on device disable path (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: mxs: use platform_driver_register (git-fixes).
- dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes).
- dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- dpaa2-eth: trace the allocated address instead of page struct (git-fixes).
- drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes).
- drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472)
  Backporting notes:
  * remove changes to non-existing 201 and 31 directories
- drm/amd/display: Correct MPC split policy for DCN301 (git-fixes).
- drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes).
- drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes).
- drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
- drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
- drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
- drm/amd/display: update gamut remap if plane has changed (git-fixes).
- drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472)
  Backporting notes:
  * also fix default branch
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472)
  Backporting notes:
  * replace IP_VERSION() with CHIP_ constants
- drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
- drm/i915/ehl: Update MOCS table for EHL (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
- drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
- drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes).
- drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dp: Silence inconsistent indent warning (git-fixes).
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
- drm/msm/dp: fix IRQ lifetime (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/msm: fix use-after-free on probe deferral (git-fixes).
- drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472)
  Backporting notes:
  * context changes
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
- drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- drop Dell Dock regression fix patch again (bsc#1204719)
- drop verbose nvme logging feature (bsc#1200567)
- dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
- dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes).
- dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
- dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: fix static_branch manipulation (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
- firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
- gcov: support GCC 12.1 and newer compilers (git-fixes).
- gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hid: hidraw: fix memory leak in hidraw_release() (git-fixes).
- hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- hid: multitouch: Add memory barriers (git-fixes).
- hid: roccat: Fix use-after-free in roccat_read() (git-fixes).
- hinic: Avoid some over memory allocation (git-fixes).
- hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
- i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
- i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
- i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
- i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
- i40e: Fix call trace in setup_tx_descriptors (git-fixes).
- i40e: Fix dropped jumbo frames statistics (git-fixes).
- i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
- iavf: Fix adminq error handling (git-fixes).
- iavf: Fix handling of dummy receive descriptors (git-fixes).
- iavf: Fix reset error handling (git-fixes).
- ib/core: Fix a nested dead lock as part of ODP flow (git-fixes)
- ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- ice: Fix switchdev rules book keeping (git-fixes).
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
- ice: do not setup vlan for loopback VSI (git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
- igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). 
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). 
- kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). 
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). 
- mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). 
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). 
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). 
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). 
- octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). 
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). 
- powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). 
- rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set 
keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - revert 'crypto: qat - reduce size of mapped region' (git-fixes). - revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). 
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). 
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). 
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). 
- tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). 
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). 
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.3.1 updated - apparmor-parser-3.0.4-150400.5.3.1 updated - bind-utils-9.16.33-150400.5.11.1 updated - curl-7.79.1-150400.5.9.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - docker-20.10.17_ce-150000.169.1 updated - grub2-i386-pc-2.06-150400.11.12.1 updated - grub2-x86_64-efi-2.06-150400.11.12.1 updated - grub2-2.06-150400.11.12.1 updated - kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 updated - kernel-default-5.14.21-150400.24.33.2 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libgnutls30-3.7.3-150400.4.19.1 updated - libksba8-1.3.5-150000.4.3.1 updated - libmount1-2.37.2-150400.8.8.1 updated - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.8.1 updated - libuv1-1.18.0-150400.11.3.1 updated - libxml2-2-2.9.14-150400.5.10.1 updated - libz1-1.2.11-150000.3.36.1 updated - libzck1-1.1.16-150400.3.2.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - openssh-clients-8.4p1-150300.3.12.2 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - 
openssh-8.4p1-150300.3.12.2 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20201225-150400.5.16.1 updated - python3-bind-9.16.33-150400.5.11.1 updated - runc-1.1.4-150000.36.1 updated - sudo-1.9.9-150400.4.6.1 updated - systemd-sysvinit-249.12-150400.8.13.1 updated - systemd-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - udev-249.12-150400.8.13.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - xen-libs-4.16.2_08-150400.4.16.1 updated From sle-updates at lists.suse.com Sun Nov 20 08:22:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:22:12 +0100 (CET) Subject: SUSE-CU-2022:3055-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221120082212.377C6F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3055-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.37 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.37 Severity : low Type : security References : 1199944 CVE-2022-1664 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - update-alternatives-1.19.0.4-150000.4.4.1 updated From sle-updates at lists.suse.com Sun Nov 20 08:30:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:30:32 +0100 (CET) Subject: SUSE-CU-2022:3056-1: Security update of bci/bci-init Message-ID: <20221120083032.9219EF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3056-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.55 Container Release : 21.55 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - 
Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-17.20.71 updated From sle-updates at lists.suse.com Sun Nov 20 08:41:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:41:39 +0100 (CET) Subject: SUSE-CU-2022:3058-1: Security update of bci/nodejs Message-ID: <20221120084139.C64C9F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3058-1 Container Tags : bci/node:12 , bci/node:12-17.65 , bci/nodejs:12 , bci/nodejs:12-17.65 Container Release : 17.65 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-17.20.71 updated From sle-updates at lists.suse.com Sun Nov 20 08:52:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:52:49 +0100 (CET) Subject: SUSE-CU-2022:3059-1: Security update of suse/sle15 Message-ID: <20221120085249.B8A00F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3059-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.71 , suse/sle15:15.3 , suse/sle15:15.3.17.20.71 Container Release : 17.20.71 Severity : important Type : security References : 1177460 1202324 1204179 1204649 1204968 1205156 CVE-2022-3821 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z The following package changes have been done: - libsystemd0-246.16-150300.7.54.1 updated - libudev1-246.16-150300.7.54.1 updated - timezone-2022f-150000.75.15.1 updated From sle-updates at lists.suse.com Sun Nov 20 08:54:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:54:38 +0100 (CET) Subject: SUSE-CU-2022:3060-1: Security update of suse/389-ds Message-ID: <20221120085438.E6DA1F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3060-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.46 , suse/389-ds:latest Container Release : 17.46 Severity : important Type : security References : 
1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 08:57:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:57:42 +0100 (CET) Subject: SUSE-CU-2022:3061-1: Security update of bci/golang Message-ID: <20221120085742.96B49F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3061-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.88 Container Release : 29.88 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libudev1-249.12-150400.8.13.1 updated - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 08:59:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 09:59:32 +0100 (CET) Subject: SUSE-CU-2022:3062-1: Security update of bci/golang Message-ID: <20221120085932.2F3FFF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3062-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.33 , bci/golang:latest Container Release : 18.33 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 09:01:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:01:24 +0100 (CET) Subject: SUSE-CU-2022:3063-1: Security update of bci/nodejs Message-ID: <20221120090124.D2160F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3063-1 Container Tags : bci/node:14 , bci/node:14-35.31 , bci/nodejs:14 , bci/nodejs:14-35.31 Container Release : 35.31 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1205156 CVE-2022-1664 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - 
Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 09:03:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:03:19 +0100 (CET) Subject: SUSE-CU-2022:3064-1: Security update of bci/rust Message-ID: <20221120090319.020A5F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3064-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.35 Container Release : 6.35 Severity : important Type : security References : 1177460 1199944 1201959 1202324 1203652 1204179 1204211 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 09:04:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:04:58 +0100 (CET) Subject: SUSE-CU-2022:3065-1: Security update of bci/rust Message-ID: <20221120090458.40E8EF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3065-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-7.35 Container Release : 7.35 Severity : important Type : security References : 1177460 1199944 1201959 1202324 1203652 1204179 1204211 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libmount1-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 09:05:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:05:11 +0100 (CET) Subject: SUSE-CU-2022:3066-1: Security update of bci/rust Message-ID: <20221120090511.7114DF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3066-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-2.11 , bci/rust:latest Container Release : 2.11 Severity : important Type : security References : 1177460 1199944 1202324 1204179 1204649 1204968 1205156 CVE-2022-1664 CVE-2022-3821 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libsystemd0-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.16 updated From sle-updates at lists.suse.com Sun Nov 20 09:07:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:07:11 +0100 (CET) Subject: SUSE-CU-2022:3067-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221120090711.ABD03F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3067-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.318 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.318 Severity : important Type : security References : 1190818 1199944 1203201 1204986 CVE-2022-1664 CVE-2022-43995 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4077-1 Released: Fri Nov 18 15:05:28 2022 Summary: Security update for sudo Type: security Severity: important References: 1190818,1203201,1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - sudo-1.9.5p2-150300.3.13.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated From sle-updates at lists.suse.com Sun Nov 20 09:09:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Nov 2022 10:09:17 +0100 (CET) Subject: SUSE-CU-2022:3068-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221120090917.2F321F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3068-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.139 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.139 Severity : important Type : security References : 1190818 1199944 1203201 1204986 CVE-2022-1664 CVE-2022-43995 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4077-1 Released: Fri Nov 18 15:05:28 2022 Summary: Security update for sudo Type: security Severity: important References: 1190818,1203201,1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). 
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - sudo-1.9.5p2-150300.3.13.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated From sle-updates at lists.suse.com Mon Nov 21 02:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 03:20:26 +0100 (CET) Subject: SUSE-RU-2022:4135-1: moderate: Recommended update for libeconf Message-ID: <20221121022026.31559F3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for libeconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4135-1 Rating: moderate References: #1198165 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. 
- libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call "syntax" for checking the configuration files only. Returns an error string with line number if error. New options "--comment" and "--delimeters" Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4135=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4135=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4135=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libeconf-debugsource-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf-devel-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf-utils-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf-utils-debuginfo-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-debuginfo-0.4.6+git20220427.3016f4e-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libeconf0-32bit-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-32bit-debuginfo-0.4.6+git20220427.3016f4e-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libeconf-debugsource-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-debuginfo-0.4.6+git20220427.3016f4e-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libeconf-debugsource-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 libeconf0-debuginfo-0.4.6+git20220427.3016f4e-150400.3.3.1 References: https://bugzilla.suse.com/1198165 From sle-updates at lists.suse.com Mon Nov 21 02:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 03:21:14 +0100 
(CET) Subject: SUSE-RU-2022:4134-1: Recommended update for python-crcmod Message-ID: <20221121022114.5C45CF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-crcmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4134-1 Rating: low References: #1203453 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-crcmod fixes the following issues: - Replace python-base with python-devel in BuildRequires (bsc#1203453) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4134=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4134=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4134=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4134=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4134=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-crcmod-1.7-150200.5.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python2-crcmod-1.7-150200.5.6.1 python3-crcmod-1.7-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): python3-crcmod-1.7-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): python3-crcmod-1.7-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-crcmod-1.7-150200.5.6.1 References: https://bugzilla.suse.com/1203453 From sle-updates at lists.suse.com Mon Nov 21 02:22:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 03:22:00 +0100 (CET) Subject: SUSE-RU-2022:4137-1: moderate: Recommended update for yast2-http-server Message-ID: <20221121022200.754FCF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-http-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4137-1 Rating: moderate References: #1200016 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 
4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-http-server fixes the following issue: - Find out php version dynamically to avoid hardcoded version (bsc#1200016) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4137=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4137=1 Package List: - openSUSE Leap 15.4 (noarch): yast2-http-server-4.4.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): yast2-http-server-4.4.2-150400.3.3.1 References: https://bugzilla.suse.com/1200016 From sle-updates at lists.suse.com Mon Nov 21 02:22:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 03:22:39 +0100 (CET) Subject: SUSE-RU-2022:4136-1: moderate: Recommended update for liblogging Message-ID: <20221121022239.D1A67F3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for liblogging ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4136-1 Rating: moderate References: #1082318 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for liblogging fixes the following issues: - Identify better license files (bsc#1082318) - Use python3 version of rst2man when available - Fix memory leaks in libstdlog - Package build improvements - Remove redundant ldconfig requires Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4136=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): liblogging-debugsource-1.0.6-0.6.1 liblogging0-1.0.6-0.6.1 liblogging0-debuginfo-1.0.6-0.6.1 References: https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Mon Nov 21 02:23:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 03:23:30 +0100 (CET) Subject: SUSE-RU-2022:4133-1: Recommended update for python-webencodings Message-ID: <20221121022330.5A38CF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-webencodings ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4133-1 Rating: low References: #1203743 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 
4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-webencodings fixes the following issue: - Loose the filelist for the package info to avoid build failure (bsc#1203743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4133=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4133=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4133=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4133=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4133=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4133=1 Package List: - openSUSE Leap 15.4 (noarch): python3-webencodings-0.5.1-150000.3.3.1 - openSUSE Leap 15.3 (noarch): python2-webencodings-0.5.1-150000.3.3.1 python3-webencodings-0.5.1-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-webencodings-0.5.1-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-webencodings-0.5.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-webencodings-0.5.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-webencodings-0.5.1-150000.3.3.1 References: 
https://bugzilla.suse.com/1203743 From sle-updates at lists.suse.com Mon Nov 21 05:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 06:19:42 +0100 (CET) Subject: SUSE-RU-2022:4138-1: important: Recommended update for python-msgpack Message-ID: <20221121051942.3FCAAF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-msgpack ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4138-1 Rating: important References: #1203743 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-msgpack fixes the following issues: - Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4138=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4138=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4138=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4138=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4138=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4138=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4138=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4138=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4138=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4138=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python2-msgpack-0.5.6-150100.3.3.1 python2-msgpack-debuginfo-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 
(aarch64 ppc64le s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python2-msgpack-0.5.6-150100.3.3.1 python2-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-msgpack-debuginfo-0.5.6-150100.3.3.1 python-msgpack-debugsource-0.5.6-150100.3.3.1 python3-msgpack-0.5.6-150100.3.3.1 python3-msgpack-debuginfo-0.5.6-150100.3.3.1 References: https://bugzilla.suse.com/1203743 From sle-updates at lists.suse.com Mon Nov 21 05:20:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 06:20:41 +0100 (CET) Subject: SUSE-RU-2022:4139-1: moderate: Recommended update for libpfm Message-ID: <20221121052041.728BAF3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpfm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4139-1 Rating: moderate References: #1196709 #1197770 Affected Products: SUSE Linux 
Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libpfm fixes the following issues: - Remove python2 support. (bsc#1196709, bsc#1197770) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4139=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4139=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4139=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpfm-debugsource-4.11.0-150400.5.3.1 libpfm-devel-4.11.0-150400.5.3.1 libpfm-devel-debuginfo-4.11.0-150400.5.3.1 libpfm-devel-static-4.11.0-150400.5.3.1 libpfm4-4.11.0-150400.5.3.1 libpfm4-debuginfo-4.11.0-150400.5.3.1 python3-libpfm-4.11.0-150400.5.3.1 python3-libpfm-debuginfo-4.11.0-150400.5.3.1 - openSUSE Leap 15.4 (x86_64): libpfm4-32bit-4.11.0-150400.5.3.1 libpfm4-32bit-debuginfo-4.11.0-150400.5.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libpfm-debugsource-4.11.0-150400.5.3.1 libpfm-devel-static-4.11.0-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpfm-debugsource-4.11.0-150400.5.3.1 libpfm-devel-4.11.0-150400.5.3.1 
libpfm-devel-debuginfo-4.11.0-150400.5.3.1 libpfm4-4.11.0-150400.5.3.1 libpfm4-debuginfo-4.11.0-150400.5.3.1 References: https://bugzilla.suse.com/1196709 https://bugzilla.suse.com/1197770 From sle-updates at lists.suse.com Mon Nov 21 08:04:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 09:04:21 +0100 (CET) Subject: SUSE-IU-2022:1130-1: Security update of sles-15-sp3-chost-byos-v20221118-x86-64 Message-ID: <20221121080421.DF89AF3CC@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20221118-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1130-1 Image Tags : sles-15-sp3-chost-byos-v20221118-x86-64:20221118 Image Release : Severity : critical Type : security References : 1027519 1032323 1065729 1087072 1152489 1167864 1177460 1177471 1180995 1181961 1185032 1190818 1192439 1193923 1194023 1194530 1196444 1196840 1197659 1198702 1199492 1199564 1199856 1199918 1199926 1199927 1199944 1200022 1200102 1200313 1200465 1200622 1200788 1201247 1201309 1201310 1201489 1201645 1201725 1201865 1201959 1201978 1201990 1202021 1202095 1202324 1202341 1202385 1202627 1202638 1202677 1202686 1202700 1202803 1202812 1202821 1202960 1202976 1202984 1203046 1203066 1203098 1203159 1203201 1203290 1203313 1203387 1203389 1203391 1203410 1203424 1203496 1203514 1203552 1203614 1203619 1203620 1203622 1203652 1203681 1203737 1203769 1203770 1203802 1203806 1203807 1203906 1203909 1203911 1203935 1203939 1203987 1203992 1204051 1204053 1204059 1204060 1204111 1204112 1204113 1204125 1204137 1204166 1204168 1204179 1204211 1204256 1204289 1204290 1204291 1204292 1204354 1204355 1204357 1204366 1204367 1204382 1204383 1204402 1204415 1204417 1204431 1204439 1204470 1204479 1204482 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204653 1204690 1204708 1204728 1204753 1204754 1204968 
1204986 1205156 CVE-2016-3709 CVE-2020-10696 CVE-2020-16119 CVE-2021-20206 CVE-2021-22569 CVE-2021-4037 CVE-2021-46848 CVE-2022-1615 CVE-2022-1664 CVE-2022-1941 CVE-2022-20008 CVE-2022-2153 CVE-2022-2503 CVE-2022-2586 CVE-2022-2795 CVE-2022-2964 CVE-2022-2978 CVE-2022-2990 CVE-2022-3169 CVE-2022-3171 CVE-2022-3176 CVE-2022-32221 CVE-2022-3239 CVE-2022-32743 CVE-2022-3303 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-3424 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995
-----------------------------------------------------------------

The container sles-15-sp3-chost-byos-v20221118-x86-64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3682-1
Released: Fri Oct 21 11:42:40 2022
Summary: Security update for bind
Type: security
Severity: important
References: 1201247,1203614,1203619,1203620,CVE-2022-2795,CVE-2022-38177,CVE-2022-38178

This update for bind fixes the following issues:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Bugfixes:

- Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?'
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of 
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. 
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3775-1 Released: Wed Oct 26 13:06:35 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292,CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722 The SUSE Linux Enterprise 15 SP3 kernel was updated. 
The following security bugs were fixed:

- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the reception of specific WiFi frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot.
This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). 
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). 
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). 
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). 
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). 
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). 
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). 
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released: Thu Oct 27 17:19:46 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3900-1
Released: Tue Nov 8 10:47:55 2022
Summary: Recommended update for docker
Type: recommended
Severity: moderate
References: 1200022

This update for docker fixes the following issues:

- Fix a crash-on-start issue with dockerd (bsc#1200022)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3927-1
Released: Wed Nov 9 14:55:47 2022
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1202021,1202821

This update for runc fixes the following issues:

- Update to runc v1.1.4 (bsc#1202021)
- Fix failed exec after systemctl daemon-reload (bsc#1202821)
- Fix mounting via wrong proc
- Fix 'permission denied' error from runc run on noexec filesystem

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3947-1
Released: Fri Nov 11 09:04:30 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3955-1
Released: Fri Nov 11 12:24:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743

This update for samba fixes the following issues:

- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released: Wed Nov 16 15:45:13 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl setting work (bsc#1199856)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4053-1
Released: Thu Nov 17 15:35:55 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1032323,1065729,1152489,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203387,1203391,1203496,1203802,1204053,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754,CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-2978,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-42703,CVE-2022-43750

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes).
- Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). 
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). 
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). 
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). 
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). 
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4077-1
Released: Fri Nov 18 15:05:28 2022
Summary: Security update for sudo
Type: security
Severity: important
References: 1190818,1203201,1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - bind-utils-9.16.6-150300.22.21.2 updated - curl-7.66.0-150200.4.42.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - docker-20.10.17_ce-150000.169.1 updated - iputils-s20161105-150000.8.6.1 updated - kernel-default-5.3.18-150300.59.101.1 updated - libbind9-1600-9.16.6-150300.22.21.2 updated - libblkid1-2.36.2-150300.4.28.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libdns1605-9.16.6-150300.22.21.2 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libirs1601-9.16.6-150300.22.21.2 updated - libisc1606-9.16.6-150300.22.21.2 updated - libisccc1600-9.16.6-150300.22.21.2 updated - libisccfg1600-9.16.6-150300.22.21.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libns1604-9.16.6-150300.22.21.2 updated - libopenssl1_1-1.1.1d-150200.11.54.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libsystemd0-246.16-150300.7.54.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libudev1-246.16-150300.7.54.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libz1-1.2.11-150000.3.36.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - openssh-clients-8.4p1-150300.3.12.2 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - openssh-8.4p1-150300.3.12.2 updated - openssl-1_1-1.1.1d-150200.11.54.1 updated - 
pam-1.3.0-150000.6.61.1 updated - permissions-20181225-150200.23.20.1 updated - python3-bind-9.16.6-150300.22.21.2 updated - runc-1.1.4-150000.36.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 updated - sudo-1.9.5p2-150300.3.13.1 updated - systemd-sysvinit-246.16-150300.7.54.1 updated - systemd-246.16-150300.7.54.1 updated - timezone-2022f-150000.75.15.1 updated - udev-246.16-150300.7.54.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.36.2-150300.4.28.1 updated - util-linux-2.36.2-150300.4.28.1 updated - xen-libs-4.14.5_08-150300.3.40.1 updated From sle-updates at lists.suse.com Mon Nov 21 08:05:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 09:05:19 +0100 (CET) Subject: SUSE-IU-2022:1131-1: Security update of suse-sles-15-sp4-chost-byos-v20221118-x86_64-gen2 Message-ID: <20221121080519.CDFB3F3CC@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221118-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1131-1 Image Tags : suse-sles-15-sp4-chost-byos-v20221118-x86_64-gen2:20221118 Image Release : Severity : critical Type : security References : 1027519 1027519 1065729 1071995 1087072 1121365 1152472 1152489 1167608 1177460 1177578 1180995 1185032 1187312 1188238 1190497 1190651 1190651 1190653 1190888 1192439 1193859 1193923 1194023 1194047 1194530 1194869 1194869 1195917 1196018 1196444 1196632 1196668 1196869 1197659 1198189 1198471 1198472 1199062 1199856 1199904 1199944 1200022 1200288 1200567 1200622 1200692 1200788 1201051 1201293 1201309 1201310 1201361 1201590 1201631 1201689 1201959 1201987 1201994 1202021 1202095 1202146 1202148 1202148 1202187 1202324 1202344 1202627 1202686 1202700 1202821 1202914 1202960 1202981 1203039 1203046 1203066 1203069 1203098 1203101 1203164 1203181 1203197 1203229 1203250 1203263 1203290 1203299 1203338 1203360 1203361 1203389 
1203410 1203435 1203505 1203514 1203552 1203614 1203618 1203619 1203620 1203652 1203664 1203681 1203693 1203699 1203699 1203767 1203767 1203769 1203770 1203779 1203794 1203798 1203802 1203806 1203806 1203807 1203807 1203893 1203902 1203906 1203908 1203911 1203922 1203935 1203939 1203987 1203988 1203989 1203992 1204017 1204051 1204059 1204060 1204111 1204112 1204113 1204125 1204142 1204145 1204166 1204168 1204171 1204179 1204211 1204241 1204244 1204256 1204353 1204354 1204355 1204357 1204366 1204367 1204383 1204386 1204402 1204413 1204415 1204417 1204428 1204431 1204439 1204470 1204479 1204482 1204483 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204498 1204533 1204569 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204650 1204653 1204690 1204693 1204705 1204708 1204719 1204728 1204753 1204868 1204926 1204933 1204934 1204947 1204957 1204963 1204968 1204970 1204986 1205156 CVE-2021-22569 CVE-2021-46848 CVE-2022-1263 CVE-2022-1664 CVE-2022-1882 CVE-2022-1941 CVE-2022-2153 CVE-2022-2586 CVE-2022-2795 CVE-2022-28748 CVE-2022-2928 CVE-2022-2929 CVE-2022-2964 CVE-2022-2978 CVE-2022-3080 CVE-2022-3169 CVE-2022-3171 CVE-2022-3202 CVE-2022-32221 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33746 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-33748 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40476 CVE-2022-40768 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 
CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42916 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221118-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3670-1
Released: Thu Oct 20 10:44:13 2022
Summary: Recommended update for zchunk
Type: recommended
Severity: moderate
References: 1204244

This update for zchunk fixes the following issues:

- Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3678-1
Released: Thu Oct 20 14:38:19 2022
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1187312,1201051,1202981

This update for kdump fixes the following issues:

- Fix broken URL in manpage (bsc#1187312)
- Fix network-related dracut options handling for fadump case (bsc#1201051)
- use inst_binary to install kdump-save (bsc#1202981)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3727-1
Released: Tue Oct 25 15:38:34 2022
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1167608,1201631,1201994,1203806,1203807,CVE-2022-33746,CVE-2022-33748

This update for xen fixes the following issues:

Updated to version 4.16.2 (bsc#1027519):

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).

Bugfixes:

- Fixed Xen DomU unable to emulate audio device (bsc#1201994).
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3767-1
Released: Wed Oct 26 11:49:43 2022
Summary: Recommended update for bind
Type: security
Severity: important
References: 1201689,1203250,1203614,1203618,1203619,1203620,CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178

This update for bind fixes the following issues:

Update to release 9.16.33:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
- Add systemd drop-in directory for named service (bsc#1201689).
- Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250).
- Feature Changes:
- Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL.
- Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly.
- A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
- The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system.
- Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed.
- Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed.
- The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated.
- rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3799-1
Released: Thu Oct 27 14:59:06 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: important
References: 1202146,1203779

This update for gnutls fixes the following issues:

- FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
- FIPS: Make XTS key check failure not fatal (bsc#1203779)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released: Thu Oct 27 17:21:11 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3812-1
Released: Mon Oct 31 09:44:26 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1177578

This update for sudo fixes the following issues:

- Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3844-1
Released: Tue Nov 1 18:20:11 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

The SUSE Linux Enterprise 15 SP4 kernel was updated.

The following security bugs were fixed:

- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-1263: Fixed a NULL pointer dereference issue in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
- CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs.
(bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). 
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). 
- ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). 
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). 
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). 
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). 
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). 
- ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). 
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). 
- bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). 
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). 
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). 
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). 
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). 
- ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). 
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). 
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). 
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: Report RDMA connection errors to the server (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: Fix memory leak in usbnet_disconnect() (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814).
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814).
- x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814).
- x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen-blkback: Advertise feature-persistent as user requested (git-fixes).
- xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkback: fix persistent grants negotiation (git-fixes).
- xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
- xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkfront: Cache feature_persistent value before advertisement (git-fixes).
- xen-blkfront: Handle NULL gendisk (git-fixes).
- xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes).
- xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
- xhci: Allocate separate command structures for each LPM command (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:3845-1
Released: Wed Nov 2 07:22:59 2022
Summary: Feature update for grub2
Type: feature
Severity: important
References: 1196668,1201361

This feature update for grub2 fixes the following issues:

- Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150)
- Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668)
- Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3885-1
Released: Mon Nov 7 11:32:04 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1203299

This update for gnutls fixes the following issues:

- Fix AVX CPU feature detection for OSXSAVE (bsc#1203299)
  This fixes a SIGILL termination at the vzeroupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3900-1
Released: Tue Nov 8 10:47:55 2022
Summary: Recommended update for docker
Type: recommended
Severity: moderate
References: 1200022

This update for docker fixes the following issues:

- Fix a crash-on-start issue with dockerd (bsc#1200022)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3917-1
Released: Tue Nov 8 16:41:28 2022
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: moderate
References: 1203164,1203181

This update for python-azure-agent fixes the following issues:

- Properly set OS.EnableRDMA flag (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3927-1
Released: Wed Nov 9 14:55:47 2022
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1202021,1202821

This update for runc fixes the following issues:

- Update to runc v1.1.4 (bsc#1202021)
- Fix failed exec after systemctl daemon-reload (bsc#1202821)
- Fix mounting via wrong proc
- Fix 'permission denied' error from runc run on noexec filesystem

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released: Tue Nov 15 12:54:11 2022
Summary: Recommended update for python-apipkg
Type: recommended
Severity: moderate
References: 1204145

This update for python3-apipkg fixes the following issues:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3991-1
Released: Tue Nov 15 13:54:13 2022
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929

This update for dhcp fixes the following issues:

- CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988).
- CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4001-1
Released: Tue Nov 15 17:08:52 2022
Summary: Security update for sudo
Type: security
Severity: important
References: 1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4007-1
Released: Wed Nov 16 09:12:44 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl setting work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4041-1 Released: Thu Nov 17 04:55:47 2022 Summary: Recommended update for libuv Type: recommended Severity: moderate References: 1199062 This update for libuv fixes the following 
issues: - Remove epoll syscall wrappers. (bsc#1199062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4072-1 Released: Fri Nov 18 13:36:05 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed a denial of service through requests to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). 
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). 
- alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). 
- alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). 
- arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). 
- asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). 
- bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). 
- clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). 
- device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). 
- drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). 
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - drop Dell Dock regression fix patch again (bsc#1204719) - drop verbose nvme logging feature (bsc#1200567) - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). 
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). 
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ib/core: Fix a nested dead lock as part of ODP flow (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). 
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). 
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). 
- kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). 
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). 
- mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). 
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). 
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). 
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). 
- octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). 
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). 
- powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). 
- rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set 
keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - revert 'crypto: qat - reduce size of mapped region' (git-fixes). - revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). 
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). 
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). 
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). 
- tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). 
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

The following package changes have been done:

- apparmor-abstractions-3.0.4-150400.5.3.1 updated
- apparmor-parser-3.0.4-150400.5.3.1 updated
- bind-utils-9.16.33-150400.5.11.1 updated
- curl-7.79.1-150400.5.9.1 updated
- dbus-1-1.12.2-150400.18.5.1 updated
- dhcp-client-4.3.6.P1-150000.6.17.1 updated
- dhcp-4.3.6.P1-150000.6.17.1 updated
- docker-20.10.17_ce-150000.169.1 updated
- grub2-i386-pc-2.06-150400.11.12.1 updated
- grub2-x86_64-efi-2.06-150400.11.12.1 updated
- grub2-2.06-150400.11.12.1 updated
- kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 updated
- kernel-default-5.14.21-150400.24.33.2 updated
- libapparmor1-3.0.4-150400.5.3.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libcurl4-7.79.1-150400.5.9.1 updated
- libdbus-1-3-1.12.2-150400.18.5.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libgnutls30-3.7.3-150400.4.19.1 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- libopenssl1_1-1.1.1l-150400.7.13.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- libudev1-249.12-150400.8.13.1 updated
- libusb-1_0-0-1.0.24-150400.3.3.1 updated
- libuuid1-2.37.2-150400.8.8.1 updated
- libuv1-1.18.0-150400.11.3.1 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libzck1-1.1.16-150400.3.2.1 updated
- nfs-client-2.1.1-150100.10.27.1 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-server-8.4p1-150300.3.12.2 updated
- openssh-8.4p1-150300.3.12.2 updated
- openssl-1_1-1.1.1l-150400.7.13.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20201225-150400.5.16.1 updated
- python-azure-agent-2.8.0.11-150100.3.26.1 updated
- python3-apipkg-1.4-150000.3.4.1 updated
- python3-bind-9.16.33-150400.5.11.1 updated
- python3-iniconfig-1.1.1-150000.1.9.1 updated
- runc-1.1.4-150000.36.1 updated
- sudo-1.9.9-150400.4.6.1 updated
- systemd-sysvinit-249.12-150400.8.13.1 updated
- systemd-249.12-150400.8.13.1 updated
- timezone-2022f-150000.75.15.1 updated
- udev-249.12-150400.8.13.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-systemd-2.37.2-150400.8.8.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- xen-libs-4.16.2_08-150400.4.16.1 updated

From sle-updates at lists.suse.com Mon Nov 21 08:06:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Nov 2022 09:06:14 +0100 (CET)
Subject: SUSE-IU-2022:1132-1: Security update of suse-sles-15-sp4-chost-byos-v20221118-hvm-ssd-x86_64
Message-ID: <20221121080614.74EF9F3CC@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221118-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1132-1
Image Tags : suse-sles-15-sp4-chost-byos-v20221118-hvm-ssd-x86_64:20221118
Image Release :
Severity : critical
Type : security
References : 1027519 1027519 1065729 1071995 1087072 1121365 1152472 1152489 1167608 1177460 1177578 1180995 1185032 1187312 1188238 1190497 1190651 1190651 1190653 1190888 1192439 1193859 1193923 1194023 1194047 1194530 1194869 1194869 1195917 1196018 1196444 1196632 1196668 1196869 1197659 1198189 1198471 1198472 1199062 1199856 1199904 1199944 1200022 1200288 1200567 1200622 1200692 1200788 1201051 1201293 1201309 1201310 1201361 1201590 1201631 1201689 1201959 1201987 1201994 1202021 1202095
1202146 1202148 1202148 1202187 1202324 1202344 1202627 1202686 1202700 1202821 1202914 1202960 1202981 1203039 1203046 1203066 1203069 1203098 1203101 1203197 1203229 1203250 1203263 1203290 1203299 1203338 1203360 1203361 1203389 1203410 1203435 1203505 1203514 1203552 1203614 1203618 1203619 1203620 1203652 1203664 1203681 1203693 1203699 1203699 1203767 1203767 1203769 1203770 1203779 1203794 1203798 1203802 1203806 1203806 1203807 1203807 1203893 1203902 1203906 1203908 1203911 1203922 1203935 1203939 1203987 1203988 1203989 1203992 1204017 1204051 1204059 1204060 1204111 1204112 1204113 1204125 1204142 1204145 1204166 1204168 1204171 1204179 1204211 1204241 1204244 1204256 1204353 1204354 1204355 1204357 1204366 1204367 1204383 1204386 1204402 1204413 1204415 1204417 1204428 1204431 1204439 1204470 1204479 1204482 1204483 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204498 1204533 1204569 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204650 1204653 1204690 1204693 1204705 1204708 1204719 1204728 1204753 1204868 1204926 1204933 1204934 1204947 1204957 1204963 1204968 1204970 1204986 1205156 CVE-2021-22569 CVE-2021-46848 CVE-2022-1263 CVE-2022-1664 CVE-2022-1882 CVE-2022-1941 CVE-2022-2153 CVE-2022-2586 CVE-2022-2795 CVE-2022-28748 CVE-2022-2928 CVE-2022-2929 CVE-2022-2964 CVE-2022-2978 CVE-2022-3080 CVE-2022-3169 CVE-2022-3171 CVE-2022-3202 CVE-2022-32221 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33746 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-33748 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40476 CVE-2022-40768 CVE-2022-41218 
CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42916 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221118-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. 
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3670-1
Released: Thu Oct 20 10:44:13 2022
Summary: Recommended update for zchunk
Type: recommended
Severity: moderate
References: 1204244

This update for zchunk fixes the following issues:

- Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3678-1
Released: Thu Oct 20 14:38:19 2022
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1187312,1201051,1202981

This update for kdump fixes the following issues:

- Fix broken URL in manpage (bsc#1187312)
- Fix network-related dracut options handling for fadump case (bsc#1201051)
- use inst_binary to install kdump-save (bsc#1202981)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3727-1
Released: Tue Oct 25 15:38:34 2022
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1167608,1201631,1201994,1203806,1203807,CVE-2022-33746,CVE-2022-33748

This update for xen fixes the following issues:

Updated to version 4.16.2 (bsc#1027519):

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).

Bugfixes:

- Fixed Xen DomU unable to emulate audio device (bsc#1201994).
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3767-1
Released: Wed Oct 26 11:49:43 2022
Summary: Recommended update for bind
Type: security
Severity: important
References: 1201689,1203250,1203614,1203618,1203619,1203620,CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178

This update for bind fixes the following issues:

Update to release 9.16.33:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
- Add systemd drop-in directory for named service (bsc#1201689).
- Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250).
- Feature Changes:
  - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL.
  - Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly.
  - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
  - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system.
  - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed.
  - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed.
  - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated.
  - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3799-1
Released: Thu Oct 27 14:59:06 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: important
References: 1202146,1203779

This update for gnutls fixes the following issues:

- FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
- FIPS: Make XTS key check failure not fatal (bsc#1203779)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released: Thu Oct 27 17:21:11 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References:
1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out-of-bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3812-1
Released: Mon Oct 31 09:44:26 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1177578

This update for sudo fixes the following issues:

- Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3844-1
Released: Tue Nov 1 18:20:11 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

The SUSE Linux Enterprise 15 SP4 kernel was updated.

The following security bugs were fixed:

- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the reception of specific WiFi frames (bsc#1203770).
- CVE-2022-1263: Fixed a NULL pointer dereference in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
- CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when an nft table is deleted (bnc#1202095).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs.
(bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). 
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). 
- ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). 
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). 
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). 
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). 
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). 
- ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). 
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). 
- bnx2x: fix built-in kernel driver load failure (git-fixes).
- bnx2x: fix driver load from initrd (git-fixes).
- btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360).
- btrfs: fix space cache corruption and potential double allocations (bsc#1203361).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
- cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
- clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
- dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
- dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664).
- dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
- dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
- dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes).
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
- dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682).
- dmaengine: idxd: int handle management refactoring (jsc#PED-682).
- dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes).
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
- dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
- dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes).
- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes).
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
- drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
- drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes).
- EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- efi: libstub: Disable struct randomization (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- eth: sun: cassini: remove dead code (git-fixes).
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config
- fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699).
- firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699).
- firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
- firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
- firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
- firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
- firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699).
- firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
- firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
- firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
- firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699).
- firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699).
- firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699).
- firmware: cs_dsp: Print messages from bin files (bsc#1203699).
- firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203798).
- gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes).
- gpio: mockup: remove gpio debugfs when remove device (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
- hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes).
- hwmon: (mr75203) fix voltage equation for negative source input (git-fixes).
- hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
- hwmon: (tps23861) fix byte order in resistance register (git-fixes).
- i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes).
- i2c: mlxbf: Fix frequency calculation (git-fixes).
- i2c: mlxbf: incorrect base address passed during io write (git-fixes).
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- ice: Allow operation with reduced device MSI-X (bsc#1201987).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
- ice: fix crash when writing timestamp on RX rings (git-fixes).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
- ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes).
- ice: Fix race during aux device (un)plugging (git-fixes).
- ice: Match on all profiles in slow-path (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- Input: goodix - add compatible string for GT1158 (git-fixes).
- Input: goodix - add support for GT1158 (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- kABI workaround for spi changes (bsc#1203699).
- kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
- kABI: fix adding another field to scsi_device (bsc#1203039).
- kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
- kbuild: disable header exports for UML in a straightforward way (git-fixes).
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
- KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes).
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lockd: detect and reject lock arguments that overflow (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
- media: flexcop-usb: fix endpoint type check (git-fixes).
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- media: imx-jpeg: Correct some definition according specification (git-fixes).
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
- media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
- media: vsp1: Fix offset calculation for plane cropping.
- misc: cs35l41: Remove unused pdn variable (bsc#1203699).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mlxsw: i2c: Fix initialization error flow (git-fixes).
- mm: Fix PASID use-after-free issue (bsc#1203908).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
- net: axienet: fix RX ring refill allocation failure handling (git-fixes).
- net: axienet: reset core on initialization prior to MDIO access (git-fixes).
- net: bcmgenet: hide status block before TX timestamping (git-fixes).
- net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
- net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
- net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
- net: dsa: microchip: fix bridging with more than two member ports (git-fixes).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes).
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
- net: emaclite: Add error handling for of_address_to_resource() (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes).
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: Report RDMA connection errors to the server (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: Fix memory leak in usbnet_disconnect() (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). 
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3845-1 Released: Wed Nov 2 07:22:59 2022 Summary: Feature update for grub2 Type: feature Severity: important References: 1196668,1201361 This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3885-1 Released: Mon Nov 7 11:32:04 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1203299 This update for gnutls fixes the following issues: - Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the vzeroupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3900-1 Released: Tue Nov 8 10:47:55 2022 Summary: Recommended update for docker Type: recommended Severity: moderate References: 1200022 This update for docker fixes the following issues: - Fix a crash-on-start issue with dockerd (bsc#1200022) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update for python3-apipkg fixes the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3991-1 Released: Tue Nov 15 13:54:13 2022 Summary: Security update for dhcp Type: security Severity: moderate References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4001-1 Released: Tue Nov 15 17:08:52 2022 Summary: Security update for sudo Type: security Severity: important References: 1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4007-1 Released: Wed Nov 16 09:12:44 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). 
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl settings work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4041-1 Released: Thu Nov 17 04:55:47 2022 Summary: Recommended update for libuv Type: recommended Severity: moderate References: 1199062 This update for libuv fixes the following
issues: - Remove epoll syscall wrappers. (bsc#1199062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4072-1 Released: Fri Nov 18 13:36:05 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed a denial of service through requests to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). 
- alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). 
- alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). 
- arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). 
- asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). 
- bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). 
- clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). 
- device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). 
- drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
- drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
- drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
- drm/amd/display: update gamut remap if plane has changed (git-fixes).
- drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472)
  Backporting notes:
  * also fix default branch
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472)
  Backporting notes:
  * replace IP_VERSION() with CHIP_ constants
- drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
- drm/i915/ehl: Update MOCS table for EHL (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
- drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
- drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes).
- drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dp: Silence inconsistent indent warning (git-fixes).
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
- drm/msm/dp: fix IRQ lifetime (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/msm: fix use-after-free on probe deferral (git-fixes).
- drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472)
  Backporting notes:
  * context changes
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
- drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- drop Dell Dock regression fix patch again (bsc#1204719)
- drop verbose nvme logging feature (bsc#1200567)
- dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
- dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes).
- dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
- dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: fix static_branch manipulation (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
- firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
- gcov: support GCC 12.1 and newer compilers (git-fixes).
- gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hid: hidraw: fix memory leak in hidraw_release() (git-fixes).
- hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- hid: multitouch: Add memory barriers (git-fixes).
- hid: roccat: Fix use-after-free in roccat_read() (git-fixes).
- hinic: Avoid some over memory allocation (git-fixes).
- hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
- i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
- i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
- i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
- i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
- i40e: Fix call trace in setup_tx_descriptors (git-fixes).
- i40e: Fix dropped jumbo frames statistics (git-fixes).
- i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
- iavf: Fix adminq error handling (git-fixes).
- iavf: Fix handling of dummy receive descriptors (git-fixes).
- iavf: Fix reset error handling (git-fixes).
- ib/core: Fix a nested dead lock as part of ODP flow (git-fixes)
- ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- ice: Fix switchdev rules book keeping (git-fixes).
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
- ice: do not setup vlan for loopback VSI (git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
- igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: adxl372: Fix unsafe buffer attributes (git-fixes).
- iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: ltc2497: Fix reading conversion results (git-fixes).
- iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: temperature: ltc2983: allocate iio channels once (git-fixes).
- ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes).
- input: i8042 - fix refount leak on sparc (git-fixes).
- input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
- input: xpad - add supported devices as contributed on github (git-fixes).
- input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947).
- ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
- ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes).
- kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes).
- kabi/severities: ignore CS35L41-specific exports (bsc#1203699)
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes).
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes).
- kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes).
- kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes).
- kvm: fix avic_set_running for preemptable kernels (git-fixes).
- kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes).
- kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905).
- kvm: s390x: fix SCK locking (git-fixes).
- kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes).
- kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes).
- kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes).
- kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes).
- kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes).
- kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
- kvm: x86: Always set kvm_run->if_flag (git-fixes).
- kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes).
- kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes).
- kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes).
- kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes).
- kvm: x86: Update vPMCs when retiring branch instructions (git-fixes).
- kvm: x86: Update vPMCs when retiring instructions (git-fixes).
- kvm: x86: do not report preemption if the steal time cache is stale (git-fixes).
- kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes).
- kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes).
- kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- macvlan: enforce a consistent minimal mtu (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- mailbox: mpfs: account for mbox offsets while sending (git-fixes).
- mailbox: mpfs: fix handling of the reg property (git-fixes).
- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes).
- media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes).
- media: mceusb: set timeout to at least timeout provided (git-fixes).
- media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes).
- media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes).
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes).
- media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- media: vivid: set num_in/outputs to 0 if not supported (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes).
- mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes).
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes).
- mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes).
- mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
- mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- move upstreamed BT fixes into sorted section
- move upstreamed patches into sorted section
- move upstreamed sound patches into sorted section
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
- mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
- mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
- mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
- net/ice: fix initializing the bitmap in the switch code (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
- net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
- net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
- net/mlx5e: Update netdev features after changing XDP state (git-fixes).
- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
- net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
- net: atlantic: fix aq_vec index out of range error (git-fixes).
- net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
- net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
- net: bgmac: support MDIO described in DT (git-fixes).
- net: bonding: fix possible NULL deref in rlb code (git-fixes).
- net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
- net: dp83822: disable false carrier interrupt (git-fixes).
- net: dp83822: disable rx error interrupt (git-fixes).
- net: dsa: bcm_sf2: force pause link settings (git-fixes).
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
- net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
- net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
- net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
- net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
- net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
- net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
- net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
- net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
- net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
- net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
- net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
- net: hns3: do not push link state to VF if unalive (git-fixes).
- net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
- net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: ipa: do not assume SMEM is page-aligned (git-fixes).
- net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes).
- net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes).
- net: moxa: pass pdev instead of ndev to DMA functions (git-fixes).
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes).
- net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes).
- net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes).
- net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes).
- net: stmmac: fix dma queue left shift overflow issue (git-fixes).
- net: stmmac: fix leaks in probe (git-fixes).
- net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes).
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes).
- net: stmmac: remove redunctant disable xPCS EEE call (git-fixes).
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes).
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes).
- netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes).
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes).
- nfs: Fix another fsync() issue after a server reboot (git-fixes).
- nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes).
- nvme: do not print verbose errors for internal passthrough requests (bsc#1202187).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- octeontx2-af: Apply tx nibble fixup always (git-fixes).
- octeontx2-af: Fix key checking for source mac (git-fixes).
- octeontx2-af: Fix mcam entry resource leak (git-fixes).
- octeontx2-af: suppress external profile loading warning (git-fixes).
- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes).
- octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes).
- octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- overflow.h: restore __ab_c_size (git-fixes).
- overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211).
- pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes).
- pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes).
- phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: Ingenic: JZ4755 bug fixes (git-fixes).
- pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676).
- pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634).
- pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes).
- platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes).
- platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes).
- platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes).
- platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes).
- platform/chrome: fix memory corruption in ioctl (git-fixes).
- platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- plip: avoid rcu debug splat (git-fixes).
- pm: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176).
- powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176).
- powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176).
- powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176).
- powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176).
- powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176).
- powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176).
- powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
- powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176).
- powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
- powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files.
- powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- rdma/cma: Fix arguments order in net device validation (git-fixes)
- rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes)
- rdma/irdma: Add support for address handle re-use (git-fixes)
- rdma/irdma: Align AE id codes to correct flush code and event (git-fixes)
- rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes)
- rdma/irdma: Fix VLAN connection with wildcard address (git-fixes)
- rdma/irdma: Fix a window for use-after-free (git-fixes)
- rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes)
- rdma/irdma: Fix sleep from invalid context BUG (git-fixes)
- rdma/irdma: Move union irdma_sockaddr to header file (git-fixes)
- rdma/irdma: Remove the unnecessary variable saddr (git-fixes)
- rdma/irdma: Report RNR NAK generation in device caps (git-fixes)
- rdma/irdma: Report the correct max cqes from query device (git-fixes)
- rdma/irdma: Return correct WC error for bind operation failure (git-fixes)
- rdma/irdma: Return error on MR deregister CQP failure (git-fixes)
- rdma/irdma: Use net_type to check network type (git-fixes)
- rdma/irdma: Validate udata inlen and outlen (git-fixes)
- rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes)
- rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- rdma/qedr: Fix reporting QP timeout attribute (git-fixes)
- rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes)
- rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes)
- rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes)
- rdma/rxe: Fix rnr retry behavior (git-fixes)
- rdma/rxe: Fix the error caused by qp->sk (git-fixes)
- rdma/rxe: For invalidate compare according to set keys in mr (git-fixes)
- rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes)
- rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- rdma/siw: Pass a pointer to virt_to_page() (git-fixes)
- rdma/srp: Fix srp_abort() (git-fixes)
- rdma/srp: Handle dev_set_name() failure (git-fixes)
- rdma/srp: Rework the srp_add_port() error path (git-fixes)
- rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes)
- rdma/srp: Support more than 255 rdma ports (git-fixes)
- rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes)
- rdma/srpt: Duplicate port name members (git-fixes)
- rdma/srpt: Fix a use-after-free (git-fixes)
- rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes)
- rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- rdma: remove useless condition in siw_create_cq() (git-fixes)
- regulator: core: Prevent integer underflow (git-fixes).
- remoteproc: imx_rproc: Simplify some error message (git-fixes).
- revert 'SUNRPC: Remove unreachable error condition' (git-fixes).
- revert 'crypto: qat - reduce size of mapped region' (git-fixes).
- revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes).
- revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- revert 'workqueue: remove unused cancel_work()' (bsc#1204933).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). 
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). 
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). 
- tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). 
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). 
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.3.1 updated - apparmor-parser-3.0.4-150400.5.3.1 updated - bind-utils-9.16.33-150400.5.11.1 updated - curl-7.79.1-150400.5.9.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - dhcp-client-4.3.6.P1-150000.6.17.1 updated - dhcp-4.3.6.P1-150000.6.17.1 updated - docker-20.10.17_ce-150000.169.1 updated - grub2-i386-pc-2.06-150400.11.12.1 updated - grub2-x86_64-efi-2.06-150400.11.12.1 updated - grub2-x86_64-xen-2.06-150400.11.12.1 updated - grub2-2.06-150400.11.12.1 updated - kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 updated - kernel-default-5.14.21-150400.24.33.2 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libgnutls30-3.7.3-150400.4.19.1 updated - libksba8-1.3.5-150000.4.3.1 updated - libmount1-2.37.2-150400.8.8.1 updated - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.8.1 updated - libuv1-1.18.0-150400.11.3.1 updated - libxml2-2-2.9.14-150400.5.10.1 updated - libz1-1.2.11-150000.3.36.1 updated - libzck1-1.1.16-150400.3.2.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - 
openssh-clients-8.4p1-150300.3.12.2 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - openssh-8.4p1-150300.3.12.2 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20201225-150400.5.16.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-bind-9.16.33-150400.5.11.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - runc-1.1.4-150000.36.1 updated - sudo-1.9.9-150400.4.6.1 updated - systemd-sysvinit-249.12-150400.8.13.1 updated - systemd-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - udev-249.12-150400.8.13.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - xen-libs-4.16.2_08-150400.4.16.1 updated - xen-tools-domU-4.16.2_08-150400.4.16.1 updated From sle-updates at lists.suse.com Mon Nov 21 14:21:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:21:43 +0100 (CET) Subject: SUSE-SU-2022:4140-1: important: Security update for grub2 Message-ID: <20221121142143.C0712F3E2@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4140-1 Rating: important References: #1205178 #1205182 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4140=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4140=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4140=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4140=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): grub2-2.02-150000.122.17.1 grub2-debuginfo-2.02-150000.122.17.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): grub2-powerpc-ieee1275-2.02-150000.122.17.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): grub2-snapper-plugin-2.02-150000.122.17.1 grub2-systemd-sleep-plugin-2.02-150000.122.17.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): grub2-debugsource-2.02-150000.122.17.1 grub2-i386-pc-2.02-150000.122.17.1 grub2-x86_64-efi-2.02-150000.122.17.1 grub2-x86_64-xen-2.02-150000.122.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): grub2-2.02-150000.122.17.1 grub2-debuginfo-2.02-150000.122.17.1 grub2-debugsource-2.02-150000.122.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): grub2-arm64-efi-2.02-150000.122.17.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): grub2-snapper-plugin-2.02-150000.122.17.1 grub2-systemd-sleep-plugin-2.02-150000.122.17.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): grub2-s390x-emu-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 
15-LTSS (aarch64 x86_64): grub2-2.02-150000.122.17.1 grub2-debuginfo-2.02-150000.122.17.1 grub2-debugsource-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): grub2-arm64-efi-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): grub2-snapper-plugin-2.02-150000.122.17.1 grub2-systemd-sleep-plugin-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): grub2-i386-pc-2.02-150000.122.17.1 grub2-x86_64-efi-2.02-150000.122.17.1 grub2-x86_64-xen-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): grub2-2.02-150000.122.17.1 grub2-debuginfo-2.02-150000.122.17.1 grub2-debugsource-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): grub2-arm64-efi-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): grub2-snapper-plugin-2.02-150000.122.17.1 grub2-systemd-sleep-plugin-2.02-150000.122.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): grub2-i386-pc-2.02-150000.122.17.1 grub2-x86_64-efi-2.02-150000.122.17.1 grub2-x86_64-xen-2.02-150000.122.17.1 References: https://www.suse.com/security/cve/CVE-2022-2601.html https://www.suse.com/security/cve/CVE-2022-3775.html https://bugzilla.suse.com/1205178 https://bugzilla.suse.com/1205182 From sle-updates at lists.suse.com Mon Nov 21 14:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:22:30 +0100 (CET) Subject: SUSE-SU-2022:4144-1: important: Security update for grub2 Message-ID: <20221121142230.138B0F3E2@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4144-1 Rating: important References: #1205178 #1205182 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4144=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02-115.72.1 grub2-systemd-sleep-plugin-2.02-115.72.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02-115.72.1 grub2-debuginfo-2.02-115.72.1 grub2-debugsource-2.02-115.72.1 grub2-i386-pc-2.02-115.72.1 grub2-x86_64-efi-2.02-115.72.1 grub2-x86_64-xen-2.02-115.72.1 References: https://www.suse.com/security/cve/CVE-2022-2601.html https://www.suse.com/security/cve/CVE-2022-3775.html https://bugzilla.suse.com/1205178 https://bugzilla.suse.com/1205182 From sle-updates at lists.suse.com Mon Nov 21 14:23:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:23:52 +0100 (CET) Subject: SUSE-SU-2022:4148-1: important: Security update for pixman Message-ID: <20221121142352.C8AB3F3E2@maintenance.suse.de> SUSE Security Update: Security update for pixman ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4148-1 Rating: important References: #1205033 Cross-References: CVE-2022-44638 CVSS 
scores: CVE-2022-44638 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-44638 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4148=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4148=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4148=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4148=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4148=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4148=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4148=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4148=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4148=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4148=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4148=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4148=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4148=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4148=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4148=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4148=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch 
SUSE-SUSE-MicroOS-5.2-2022-4148=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4148=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4148=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4148=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4148=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - openSUSE Leap 15.3 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Manager Server 4.1 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Manager Proxy 4.1 (x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 
pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpixman-1-0-0.34.0-150000.7.5.1 
libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): 
libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Enterprise Storage 7 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 
libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 - SUSE Enterprise Storage 6 (x86_64): libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 - SUSE CaaS Platform 4.0 (x86_64): libpixman-1-0-0.34.0-150000.7.5.1 libpixman-1-0-32bit-0.34.0-150000.7.5.1 libpixman-1-0-32bit-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-debuginfo-0.34.0-150000.7.5.1 libpixman-1-0-devel-0.34.0-150000.7.5.1 pixman-debugsource-0.34.0-150000.7.5.1 References: https://www.suse.com/security/cve/CVE-2022-44638.html https://bugzilla.suse.com/1205033 From sle-updates at lists.suse.com Mon Nov 21 14:25:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:25:26 +0100 (CET) Subject: SUSE-SU-2022:4142-1: important: Security update for grub2 Message-ID: <20221121142526.657F1F3E2@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4142-1 Rating: important References: #1205178 #1205182 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). 
Other: - Bump upstream SBAT generation to 3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4142=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4142=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4142=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4142=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4142=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4142=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): grub2-i386-pc-2.02-150100.123.17.1 grub2-powerpc-ieee1275-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): grub2-debugsource-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-150100.123.17.1 grub2-i386-pc-2.02-150100.123.17.1 grub2-powerpc-ieee1275-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): grub2-s390x-emu-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): grub2-i386-pc-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 grub2-debugsource-2.02-150100.123.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 grub2-debugsource-2.02-150100.123.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-150100.123.17.1 grub2-i386-pc-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 
grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 grub2-debugsource-2.02-150100.123.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): grub2-arm64-efi-2.02-150100.123.17.1 grub2-i386-pc-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 grub2-debugsource-2.02-150100.123.17.1 - SUSE Enterprise Storage 6 (noarch): grub2-arm64-efi-2.02-150100.123.17.1 grub2-i386-pc-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 - SUSE CaaS Platform 4.0 (x86_64): grub2-2.02-150100.123.17.1 grub2-debuginfo-2.02-150100.123.17.1 grub2-debugsource-2.02-150100.123.17.1 - SUSE CaaS Platform 4.0 (noarch): grub2-i386-pc-2.02-150100.123.17.1 grub2-snapper-plugin-2.02-150100.123.17.1 grub2-systemd-sleep-plugin-2.02-150100.123.17.1 grub2-x86_64-efi-2.02-150100.123.17.1 grub2-x86_64-xen-2.02-150100.123.17.1 References: https://www.suse.com/security/cve/CVE-2022-2601.html https://www.suse.com/security/cve/CVE-2022-3775.html https://bugzilla.suse.com/1205178 https://bugzilla.suse.com/1205182 From sle-updates at lists.suse.com Mon Nov 21 14:26:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:26:22 +0100 (CET) Subject: SUSE-SU-2022:4147-1: important: Security update for kubevirt stack Message-ID: <20221121142622.DB960F3E2@maintenance.suse.de> SUSE Security Update: Security update for kubevirt stack 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4147-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4147=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4147=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4147=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4147=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 - openSUSE Leap 15.4 (x86_64): kubevirt-container-disk-0.54.0-150400.3.7.1 kubevirt-container-disk-debuginfo-0.54.0-150400.3.7.1 kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-tests-0.54.0-150400.3.7.1 kubevirt-tests-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-api-0.54.0-150400.3.7.1 kubevirt-virt-api-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-controller-0.54.0-150400.3.7.1 kubevirt-virt-controller-debuginfo-0.54.0-150400.3.7.1 
kubevirt-virt-handler-0.54.0-150400.3.7.1 kubevirt-virt-handler-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-launcher-0.54.0-150400.3.7.1 kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.7.1 kubevirt-virt-operator-0.54.0-150400.3.7.1 kubevirt-virt-operator-debuginfo-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 obs-service-kubevirt_containers_meta-0.54.0-150400.3.7.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): kubevirt-manifests-0.54.0-150400.3.7.1 kubevirt-virtctl-0.54.0-150400.3.7.1 kubevirt-virtctl-debuginfo-0.54.0-150400.3.7.1 References: From sle-updates at lists.suse.com Mon Nov 21 14:26:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:26:55 +0100 (CET) Subject: SUSE-SU-2022:4143-1: important: Security update for grub2 Message-ID: <20221121142655.23C01F3E2@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4143-1 Rating: important References: #1205178 #1205182 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). 
Other: - Bump upstream SBAT generation to 3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4143=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-142.1 grub2-debuginfo-2.02-142.1 grub2-debugsource-2.02-142.1 grub2-i386-pc-2.02-142.1 grub2-x86_64-efi-2.02-142.1 grub2-x86_64-xen-2.02-142.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-142.1 grub2-systemd-sleep-plugin-2.02-142.1 References: https://www.suse.com/security/cve/CVE-2022-2601.html https://www.suse.com/security/cve/CVE-2022-3775.html https://bugzilla.suse.com/1205178 https://bugzilla.suse.com/1205182 From sle-updates at lists.suse.com Mon Nov 21 14:28:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 15:28:31 +0100 (CET) Subject: SUSE-SU-2022:4146-1: moderate: Security update for binutils Message-ID: <20221121142831.ADC92F3E2@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4146-1 Rating: moderate References: #1142579 #1185597 #1185712 #1188374 #1191473 #1193929 #1194783 #1197592 #1198237 #1202816 #1202966 #1202967 #1202969 PED-2029 PED-2030 PED-2031 PED-2032 PED-2033 PED-2034 PED-2035 PED-2038 SLE-25046 SLE-25047 Cross-References: CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVSS scores: CVE-2019-1010204 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-1010204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3530 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3530 
(SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3648 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3826 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3826 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2021-45078 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45078 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46195 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-46195 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-27943 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-27943 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38126 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38127 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38533 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38533 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module 
for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains 10 features and has three fixes is now available. Description: This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). 
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to "warn" will generate a warning message whenever any multibyte character is encountered. Using the option to "warn-sym-only" will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4146=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4146=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4146=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4146=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4146=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4146=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4146=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4146=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4146=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4146=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4146=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4146=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4146=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4146=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4146=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4146=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4146=1 - SUSE Linux Enterprise 
High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4146=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4146=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4146=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4146=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4146=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4146=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-gold-2.39-150100.7.40.1 binutils-gold-debuginfo-2.39-150100.7.40.1 cross-arm-binutils-2.39-150100.7.40.1 cross-arm-binutils-debuginfo-2.39-150100.7.40.1 cross-arm-binutils-debugsource-2.39-150100.7.40.1 cross-avr-binutils-2.39-150100.7.40.1 cross-avr-binutils-debuginfo-2.39-150100.7.40.1 cross-avr-binutils-debugsource-2.39-150100.7.40.1 cross-epiphany-binutils-2.39-150100.7.40.1 cross-epiphany-binutils-debuginfo-2.39-150100.7.40.1 cross-epiphany-binutils-debugsource-2.39-150100.7.40.1 cross-hppa-binutils-2.39-150100.7.40.1 cross-hppa-binutils-debuginfo-2.39-150100.7.40.1 cross-hppa-binutils-debugsource-2.39-150100.7.40.1 cross-hppa64-binutils-2.39-150100.7.40.1 cross-hppa64-binutils-debuginfo-2.39-150100.7.40.1 cross-hppa64-binutils-debugsource-2.39-150100.7.40.1 cross-i386-binutils-2.39-150100.7.40.1 cross-i386-binutils-debuginfo-2.39-150100.7.40.1 cross-i386-binutils-debugsource-2.39-150100.7.40.1 
cross-ia64-binutils-2.39-150100.7.40.1 cross-ia64-binutils-debuginfo-2.39-150100.7.40.1 cross-ia64-binutils-debugsource-2.39-150100.7.40.1 cross-m68k-binutils-2.39-150100.7.40.1 cross-m68k-binutils-debuginfo-2.39-150100.7.40.1 cross-m68k-binutils-debugsource-2.39-150100.7.40.1 cross-mips-binutils-2.39-150100.7.40.1 cross-mips-binutils-debuginfo-2.39-150100.7.40.1 cross-mips-binutils-debugsource-2.39-150100.7.40.1 cross-ppc-binutils-2.39-150100.7.40.1 cross-ppc-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc-binutils-debugsource-2.39-150100.7.40.1 cross-ppc64-binutils-2.39-150100.7.40.1 cross-ppc64-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc64-binutils-debugsource-2.39-150100.7.40.1 cross-riscv64-binutils-2.39-150100.7.40.1 cross-riscv64-binutils-debuginfo-2.39-150100.7.40.1 cross-riscv64-binutils-debugsource-2.39-150100.7.40.1 cross-rx-binutils-2.39-150100.7.40.1 cross-rx-binutils-debuginfo-2.39-150100.7.40.1 cross-rx-binutils-debugsource-2.39-150100.7.40.1 cross-s390-binutils-2.39-150100.7.40.1 cross-s390-binutils-debuginfo-2.39-150100.7.40.1 cross-s390-binutils-debugsource-2.39-150100.7.40.1 cross-sparc-binutils-2.39-150100.7.40.1 cross-sparc-binutils-debuginfo-2.39-150100.7.40.1 cross-sparc-binutils-debugsource-2.39-150100.7.40.1 cross-sparc64-binutils-2.39-150100.7.40.1 cross-sparc64-binutils-debuginfo-2.39-150100.7.40.1 cross-sparc64-binutils-debugsource-2.39-150100.7.40.1 cross-spu-binutils-2.39-150100.7.40.1 cross-spu-binutils-debuginfo-2.39-150100.7.40.1 cross-spu-binutils-debugsource-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.39-150100.7.40.1 cross-s390x-binutils-debuginfo-2.39-150100.7.40.1 cross-s390x-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.39-150100.7.40.1 
cross-x86_64-binutils-debuginfo-2.39-150100.7.40.1 cross-x86_64-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-binutils-2.39-150100.7.40.1 cross-aarch64-binutils-debuginfo-2.39-150100.7.40.1 cross-aarch64-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.39-150100.7.40.1 cross-ppc64le-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc64le-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.4 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-gold-2.39-150100.7.40.1 binutils-gold-debuginfo-2.39-150100.7.40.1 cross-arm-binutils-2.39-150100.7.40.1 cross-arm-binutils-debuginfo-2.39-150100.7.40.1 cross-arm-binutils-debugsource-2.39-150100.7.40.1 cross-avr-binutils-2.39-150100.7.40.1 cross-avr-binutils-debuginfo-2.39-150100.7.40.1 cross-avr-binutils-debugsource-2.39-150100.7.40.1 cross-epiphany-binutils-2.39-150100.7.40.1 cross-epiphany-binutils-debuginfo-2.39-150100.7.40.1 cross-epiphany-binutils-debugsource-2.39-150100.7.40.1 cross-hppa-binutils-2.39-150100.7.40.1 cross-hppa-binutils-debuginfo-2.39-150100.7.40.1 cross-hppa-binutils-debugsource-2.39-150100.7.40.1 cross-hppa64-binutils-2.39-150100.7.40.1 cross-hppa64-binutils-debuginfo-2.39-150100.7.40.1 cross-hppa64-binutils-debugsource-2.39-150100.7.40.1 cross-i386-binutils-2.39-150100.7.40.1 cross-i386-binutils-debuginfo-2.39-150100.7.40.1 cross-i386-binutils-debugsource-2.39-150100.7.40.1 cross-ia64-binutils-2.39-150100.7.40.1 cross-ia64-binutils-debuginfo-2.39-150100.7.40.1 cross-ia64-binutils-debugsource-2.39-150100.7.40.1 cross-m68k-binutils-2.39-150100.7.40.1 cross-m68k-binutils-debuginfo-2.39-150100.7.40.1 cross-m68k-binutils-debugsource-2.39-150100.7.40.1 cross-mips-binutils-2.39-150100.7.40.1 
cross-mips-binutils-debuginfo-2.39-150100.7.40.1 cross-mips-binutils-debugsource-2.39-150100.7.40.1 cross-ppc-binutils-2.39-150100.7.40.1 cross-ppc-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc-binutils-debugsource-2.39-150100.7.40.1 cross-ppc64-binutils-2.39-150100.7.40.1 cross-ppc64-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc64-binutils-debugsource-2.39-150100.7.40.1 cross-riscv64-binutils-2.39-150100.7.40.1 cross-riscv64-binutils-debuginfo-2.39-150100.7.40.1 cross-riscv64-binutils-debugsource-2.39-150100.7.40.1 cross-rx-binutils-2.39-150100.7.40.1 cross-rx-binutils-debuginfo-2.39-150100.7.40.1 cross-rx-binutils-debugsource-2.39-150100.7.40.1 cross-s390-binutils-2.39-150100.7.40.1 cross-s390-binutils-debuginfo-2.39-150100.7.40.1 cross-s390-binutils-debugsource-2.39-150100.7.40.1 cross-sparc-binutils-2.39-150100.7.40.1 cross-sparc-binutils-debuginfo-2.39-150100.7.40.1 cross-sparc-binutils-debugsource-2.39-150100.7.40.1 cross-sparc64-binutils-2.39-150100.7.40.1 cross-sparc64-binutils-debuginfo-2.39-150100.7.40.1 cross-sparc64-binutils-debugsource-2.39-150100.7.40.1 cross-spu-binutils-2.39-150100.7.40.1 cross-spu-binutils-debuginfo-2.39-150100.7.40.1 cross-spu-binutils-debugsource-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.39-150100.7.40.1 cross-s390x-binutils-debuginfo-2.39-150100.7.40.1 cross-s390x-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.39-150100.7.40.1 cross-x86_64-binutils-debuginfo-2.39-150100.7.40.1 cross-x86_64-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-binutils-2.39-150100.7.40.1 cross-aarch64-binutils-debuginfo-2.39-150100.7.40.1 cross-aarch64-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): 
cross-ppc64le-binutils-2.39-150100.7.40.1 cross-ppc64le-binutils-debuginfo-2.39-150100.7.40.1 cross-ppc64le-binutils-debugsource-2.39-150100.7.40.1 - openSUSE Leap 15.3 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Manager Server 4.1 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Manager Proxy 4.1 (x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 
libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): 
binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-gold-2.39-150100.7.40.1 binutils-gold-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-gold-2.39-150100.7.40.1 binutils-gold-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): binutils-debugsource-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): binutils-debugsource-2.39-150100.7.40.1 binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): 
binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 libctf-nobfd0-debuginfo-2.39-150100.7.40.1 libctf0-2.39-150100.7.40.1 libctf0-debuginfo-2.39-150100.7.40.1 - SUSE Enterprise Storage 7 (x86_64): binutils-devel-32bit-2.39-150100.7.40.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): binutils-2.39-150100.7.40.1 binutils-debuginfo-2.39-150100.7.40.1 binutils-debugsource-2.39-150100.7.40.1 binutils-devel-2.39-150100.7.40.1 libctf-nobfd0-2.39-150100.7.40.1 
      libctf-nobfd0-debuginfo-2.39-150100.7.40.1
      libctf0-2.39-150100.7.40.1
      libctf0-debuginfo-2.39-150100.7.40.1

   - SUSE Enterprise Storage 6 (x86_64):

      binutils-devel-32bit-2.39-150100.7.40.1

   - SUSE CaaS Platform 4.0 (x86_64):

      binutils-2.39-150100.7.40.1
      binutils-debuginfo-2.39-150100.7.40.1
      binutils-debugsource-2.39-150100.7.40.1
      binutils-devel-2.39-150100.7.40.1
      binutils-devel-32bit-2.39-150100.7.40.1
      libctf-nobfd0-2.39-150100.7.40.1
      libctf-nobfd0-debuginfo-2.39-150100.7.40.1
      libctf0-2.39-150100.7.40.1
      libctf0-debuginfo-2.39-150100.7.40.1

References:

   https://www.suse.com/security/cve/CVE-2019-1010204.html
   https://www.suse.com/security/cve/CVE-2021-3530.html
   https://www.suse.com/security/cve/CVE-2021-3648.html
   https://www.suse.com/security/cve/CVE-2021-3826.html
   https://www.suse.com/security/cve/CVE-2021-45078.html
   https://www.suse.com/security/cve/CVE-2021-46195.html
   https://www.suse.com/security/cve/CVE-2022-27943.html
   https://www.suse.com/security/cve/CVE-2022-38126.html
   https://www.suse.com/security/cve/CVE-2022-38127.html
   https://www.suse.com/security/cve/CVE-2022-38533.html
   https://bugzilla.suse.com/1142579
   https://bugzilla.suse.com/1185597
   https://bugzilla.suse.com/1185712
   https://bugzilla.suse.com/1188374
   https://bugzilla.suse.com/1191473
   https://bugzilla.suse.com/1193929
   https://bugzilla.suse.com/1194783
   https://bugzilla.suse.com/1197592
   https://bugzilla.suse.com/1198237
   https://bugzilla.suse.com/1202816
   https://bugzilla.suse.com/1202966
   https://bugzilla.suse.com/1202967
   https://bugzilla.suse.com/1202969

From sle-updates at lists.suse.com Mon Nov 21 14:31:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Nov 2022 15:31:13 +0100 (CET)
Subject: SUSE-SU-2022:4141-1: important: Security update for grub2
Message-ID: <20221121143113.51748F3E2@maintenance.suse.de>

   SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4141-1
Rating:             important
References:         #1205178 #1205182
Cross-References:   CVE-2022-2601 CVE-2022-3775
CVSS scores:
                    CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for grub2 fixes the following issues:

   - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph
     (bsc#1205178).
   - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).

   Other:

   - Bump upstream SBAT generation to 3

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:

      zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4141=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4141=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4141=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4141=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4141=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4141=1

Package List:

   - openSUSE Leap Micro 5.3 (aarch64 x86_64):

      grub2-2.06-150400.11.17.1
      grub2-debuginfo-2.06-150400.11.17.1
      grub2-debugsource-2.06-150400.11.17.1

   - openSUSE Leap Micro 5.3 (noarch):

      grub2-arm64-efi-2.06-150400.11.17.1
      grub2-i386-pc-2.06-150400.11.17.1
      grub2-snapper-plugin-2.06-150400.11.17.1
      grub2-x86_64-efi-2.06-150400.11.17.1
      grub2-x86_64-xen-2.06-150400.11.17.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      grub2-2.06-150400.11.17.1
      grub2-branding-upstream-2.06-150400.11.17.1
      grub2-debuginfo-2.06-150400.11.17.1

   - openSUSE Leap 15.4 (aarch64 s390x x86_64):

      grub2-debugsource-2.06-150400.11.17.1

   - openSUSE Leap 15.4 (noarch):

      grub2-arm64-efi-2.06-150400.11.17.1
      grub2-arm64-efi-debug-2.06-150400.11.17.1
      grub2-i386-pc-2.06-150400.11.17.1
      grub2-i386-pc-debug-2.06-150400.11.17.1
      grub2-powerpc-ieee1275-2.06-150400.11.17.1
      grub2-powerpc-ieee1275-debug-2.06-150400.11.17.1
      grub2-snapper-plugin-2.06-150400.11.17.1
      grub2-systemd-sleep-plugin-2.06-150400.11.17.1
      grub2-x86_64-efi-2.06-150400.11.17.1
      grub2-x86_64-efi-debug-2.06-150400.11.17.1
      grub2-x86_64-xen-2.06-150400.11.17.1

   - openSUSE Leap 15.4 (s390x):

      grub2-s390x-emu-2.06-150400.11.17.1
      grub2-s390x-emu-debug-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):

      grub2-x86_64-xen-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch):

      grub2-arm64-efi-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      grub2-2.06-150400.11.17.1
      grub2-debuginfo-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 s390x x86_64):

      grub2-debugsource-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      grub2-arm64-efi-2.06-150400.11.17.1
      grub2-i386-pc-2.06-150400.11.17.1
      grub2-powerpc-ieee1275-2.06-150400.11.17.1
      grub2-snapper-plugin-2.06-150400.11.17.1
      grub2-systemd-sleep-plugin-2.06-150400.11.17.1
      grub2-x86_64-efi-2.06-150400.11.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):

      grub2-s390x-emu-2.06-150400.11.17.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      grub2-2.06-150400.11.17.1
      grub2-debuginfo-2.06-150400.11.17.1
      grub2-debugsource-2.06-150400.11.17.1

   - SUSE Linux Enterprise Micro 5.3 (noarch):

      grub2-arm64-efi-2.06-150400.11.17.1
      grub2-i386-pc-2.06-150400.11.17.1
      grub2-snapper-plugin-2.06-150400.11.17.1
      grub2-x86_64-efi-2.06-150400.11.17.1
      grub2-x86_64-xen-2.06-150400.11.17.1

   - SUSE Linux Enterprise Micro 5.3 (s390x):

      grub2-s390x-emu-2.06-150400.11.17.1

References:

   https://www.suse.com/security/cve/CVE-2022-2601.html
   https://www.suse.com/security/cve/CVE-2022-3775.html
   https://bugzilla.suse.com/1205178
   https://bugzilla.suse.com/1205182

From sle-updates at lists.suse.com Mon Nov 21 17:19:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Nov 2022 18:19:49 +0100 (CET)
Subject: SUSE-SU-2022:4155-1: important: Security update for krb5
Message-ID: <20221121171949.2D923F3E2@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4155-1
Rating:             important
References:         #1205126
Cross-References:   CVE-2022-42898
CVSS scores:
                    CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for krb5 fixes the following issues:

   - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4155=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4155=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4155=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4155=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4155=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4155=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4155=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4155=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4155=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4155=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4155=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4155=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4155=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-4155=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-4155=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Manager Server 4.1 (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): krb5-1.16.3-150100.3.27.1 krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Manager Proxy 4.1 (x86_64): krb5-1.16.3-150100.3.27.1 krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 
krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): krb5-1.16.3-150100.3.27.1 krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 
krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): krb5-1.16.3-150100.3.27.1 krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 
krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): krb5-32bit-1.16.3-150100.3.27.1 
krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Enterprise Storage 7 (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): krb5-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1 krb5-server-1.16.3-150100.3.27.1 krb5-server-debuginfo-1.16.3-150100.3.27.1 - SUSE Enterprise Storage 6 (x86_64): krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 - SUSE CaaS Platform 4.0 (x86_64): krb5-1.16.3-150100.3.27.1 krb5-32bit-1.16.3-150100.3.27.1 krb5-32bit-debuginfo-1.16.3-150100.3.27.1 krb5-client-1.16.3-150100.3.27.1 krb5-client-debuginfo-1.16.3-150100.3.27.1 krb5-debuginfo-1.16.3-150100.3.27.1 krb5-debugsource-1.16.3-150100.3.27.1 krb5-devel-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.27.1 krb5-plugin-preauth-otp-1.16.3-150100.3.27.1 
      krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.27.1
      krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
      krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.27.1
      krb5-server-1.16.3-150100.3.27.1
      krb5-server-debuginfo-1.16.3-150100.3.27.1

References:

   https://www.suse.com/security/cve/CVE-2022-42898.html
   https://bugzilla.suse.com/1205126

From sle-updates at lists.suse.com Mon Nov 21 17:20:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Nov 2022 18:20:58 +0100 (CET)
Subject: SUSE-SU-2022:4153-1: important: Security update for krb5
Message-ID: <20221121172058.3B72CF3E2@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4153-1
Rating:             important
References:         #1205126
Cross-References:   CVE-2022-42898
CVSS scores:
                    CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for krb5 fixes the following issues:

   - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4153=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4153=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4153=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4153=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4153=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): krb5-1.19.2-150400.3.3.1 krb5-debuginfo-1.19.2-150400.3.3.1 krb5-debugsource-1.19.2-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): krb5-1.19.2-150400.3.3.1 krb5-client-1.19.2-150400.3.3.1 krb5-client-debuginfo-1.19.2-150400.3.3.1 krb5-debuginfo-1.19.2-150400.3.3.1 krb5-debugsource-1.19.2-150400.3.3.1 krb5-devel-1.19.2-150400.3.3.1 krb5-plugin-kdb-ldap-1.19.2-150400.3.3.1 krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.3.1 krb5-plugin-preauth-otp-1.19.2-150400.3.3.1 krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.3.1 krb5-plugin-preauth-pkinit-1.19.2-150400.3.3.1 krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.3.1 krb5-plugin-preauth-spake-1.19.2-150400.3.3.1 krb5-plugin-preauth-spake-debuginfo-1.19.2-150400.3.3.1 krb5-server-1.19.2-150400.3.3.1 krb5-server-debuginfo-1.19.2-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): krb5-32bit-1.19.2-150400.3.3.1 krb5-32bit-debuginfo-1.19.2-150400.3.3.1 krb5-devel-32bit-1.19.2-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.19.2-150400.3.3.1 krb5-debugsource-1.19.2-150400.3.3.1 krb5-plugin-kdb-ldap-1.19.2-150400.3.3.1 krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.3.1 krb5-server-1.19.2-150400.3.3.1 krb5-server-debuginfo-1.19.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): 
krb5-1.19.2-150400.3.3.1 krb5-client-1.19.2-150400.3.3.1 krb5-client-debuginfo-1.19.2-150400.3.3.1 krb5-debuginfo-1.19.2-150400.3.3.1 krb5-debugsource-1.19.2-150400.3.3.1 krb5-devel-1.19.2-150400.3.3.1 krb5-plugin-preauth-otp-1.19.2-150400.3.3.1 krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.3.1 krb5-plugin-preauth-pkinit-1.19.2-150400.3.3.1 krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): krb5-32bit-1.19.2-150400.3.3.1 krb5-32bit-debuginfo-1.19.2-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): krb5-1.19.2-150400.3.3.1 krb5-debuginfo-1.19.2-150400.3.3.1 krb5-debugsource-1.19.2-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1205126 From sle-updates at lists.suse.com Mon Nov 21 17:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 18:21:40 +0100 (CET) Subject: SUSE-SU-2022:4151-1: important: Security update for cni-plugins Message-ID: <20221121172140.30F05F3E2@maintenance.suse.de> SUSE Security Update: Security update for cni-plugins ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4151-1 Rating: important References: #1172410 #1181961 Cross-References: CVE-2020-10749 CVE-2021-20206 CVSS scores: CVE-2020-10749 (NVD) : 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-10749 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now 
available. Description: This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-4151=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): cni-plugins-0.8.6-150000.1.7.1 References: https://www.suse.com/security/cve/CVE-2020-10749.html https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1172410 https://bugzilla.suse.com/1181961 From sle-updates at lists.suse.com Mon Nov 21 17:22:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 18:22:25 +0100 (CET) Subject: SUSE-RU-2022:4152-1: Recommended update for novnc Message-ID: <20221121172225.3E8F3F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for novnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4152-1 Rating: low References: #1201933 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 
15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for novnc fixes the following issues: - For greater compatibility specify string binary as protocol (bsc#1201933) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4152=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4152=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4152=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4152=1 Package List: - openSUSE Leap 15.4 (noarch): novnc-1.2.0-150100.3.6.1 - openSUSE Leap 15.3 (noarch): novnc-1.2.0-150100.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): novnc-1.2.0-150100.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): novnc-1.2.0-150100.3.6.1 References: https://bugzilla.suse.com/1201933 From sle-updates at lists.suse.com Mon Nov 21 17:23:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 18:23:05 +0100 (CET) Subject: SUSE-SU-2022:4150-1: important: Security update for cni Message-ID: <20221121172305.2DA9EF3E2@maintenance.suse.de> SUSE Security Update: Security update for cni ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4150-1 Rating: important References: #1181961 Cross-References: CVE-2021-20206 CVSS scores: CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 
15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-4150=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): cni-0.7.1-150000.1.7.1 References: https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1181961 From sle-updates at lists.suse.com Mon Nov 21 17:23:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Nov 2022 18:23:45 +0100 (CET) Subject: SUSE-SU-2022:4154-1: important: Security update for krb5 Message-ID: <20221121172345.92074F3E2@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4154-1 Rating: important References: #1189929 #1205126 Cross-References: CVE-2021-37750 CVE-2022-42898 CVSS scores: CVE-2021-37750 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37750 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4154=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4154=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4154=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4154=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): krb5-1.15.2-150000.6.17.1 krb5-client-1.15.2-150000.6.17.1 krb5-client-debuginfo-1.15.2-150000.6.17.1 krb5-debuginfo-1.15.2-150000.6.17.1 krb5-debugsource-1.15.2-150000.6.17.1 krb5-devel-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-150000.6.17.1 krb5-server-1.15.2-150000.6.17.1 krb5-server-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): krb5-32bit-1.15.2-150000.6.17.1 krb5-32bit-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): krb5-1.15.2-150000.6.17.1 krb5-client-1.15.2-150000.6.17.1 krb5-client-debuginfo-1.15.2-150000.6.17.1 
krb5-debuginfo-1.15.2-150000.6.17.1 krb5-debugsource-1.15.2-150000.6.17.1 krb5-devel-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-150000.6.17.1 krb5-server-1.15.2-150000.6.17.1 krb5-server-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): krb5-1.15.2-150000.6.17.1 krb5-client-1.15.2-150000.6.17.1 krb5-client-debuginfo-1.15.2-150000.6.17.1 krb5-debuginfo-1.15.2-150000.6.17.1 krb5-debugsource-1.15.2-150000.6.17.1 krb5-devel-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-150000.6.17.1 krb5-server-1.15.2-150000.6.17.1 krb5-server-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): krb5-32bit-1.15.2-150000.6.17.1 krb5-32bit-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): krb5-1.15.2-150000.6.17.1 krb5-client-1.15.2-150000.6.17.1 krb5-client-debuginfo-1.15.2-150000.6.17.1 krb5-debuginfo-1.15.2-150000.6.17.1 krb5-debugsource-1.15.2-150000.6.17.1 krb5-devel-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1 krb5-plugin-kdb-ldap-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-1.15.2-150000.6.17.1 krb5-plugin-preauth-otp-debuginfo-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-150000.6.17.1 krb5-server-1.15.2-150000.6.17.1 krb5-server-debuginfo-1.15.2-150000.6.17.1 - SUSE Linux Enterprise High Performance Computing 
15-ESPOS (x86_64): krb5-32bit-1.15.2-150000.6.17.1 krb5-32bit-debuginfo-1.15.2-150000.6.17.1 References: https://www.suse.com/security/cve/CVE-2021-37750.html https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1189929 https://bugzilla.suse.com/1205126 From sle-updates at lists.suse.com Tue Nov 22 02:20:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 03:20:05 +0100 (CET) Subject: SUSE-RU-2022:4157-1: moderate: Recommended update for python-parallax Message-ID: <20221122022005.5F975F3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4157-1 Rating: moderate References: #1169581 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issues: - Fix for using ssh key and avoid failures in clusters requesting passwords. (bsc#1169581) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4157=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-4157=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): python3-parallax-1.0.6-2.14.103 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): python3-parallax-1.0.6-2.14.103 References: https://bugzilla.suse.com/1169581 From sle-updates at lists.suse.com Tue Nov 22 08:04:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:04:42 +0100 (CET) Subject: SUSE-IU-2022:1133-1: Security update of suse-sles-15-sp3-chost-byos-v20221119-x86_64-gen2 Message-ID: <20221122080442.1EE83F3CC@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221119-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1133-1 Image Tags : suse-sles-15-sp3-chost-byos-v20221119-x86_64-gen2:20221119 Image Release : Severity : critical Type : security References : 1027519 1032323 1065729 1087072 1101820 1149792 1152489 1167864 1176785 1177083 1177460 1177471 1180995 1181961 1185032 1190818 1192439 1193923 1194023 1194530 1196444 1196840 1197659 1198702 1199492 1199564 1199856 1199918 1199926 1199927 1199944 1200022 1200102 1200313 1200465 1200622 1200788 1201247 1201309 1201310 1201489 1201645 1201725 1201865 1201959 1201978 1201990 1202021 1202095 1202324 1202341 1202385 1202627 1202638 1202677 1202686 1202700 1202803 1202812 1202821 1202960 1202976 1202984 1203046 1203066 1203098 1203159 1203164 1203181 1203201 1203290 1203313 1203387 1203389 1203391 1203410 1203424 1203496 1203514 1203552 1203614 1203619 1203620 1203622 1203652 1203681 1203737 1203769 1203770 1203802 1203806 1203807 1203906 1203909 1203911 1203935 1203939 1203987 1203988 1203989 1203992 1204051 1204053 1204059 1204060 
1204111 1204112 1204113 1204125 1204137 1204145 1204166 1204168 1204179 1204211 1204256 1204289 1204290 1204291 1204292 1204354 1204355 1204357 1204366 1204367 1204382 1204383 1204402 1204415 1204417 1204431 1204439 1204470 1204479 1204482 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204653 1204690 1204708 1204728 1204753 1204754 1204968 1204986 1205156 CVE-2016-3709 CVE-2018-10903 CVE-2020-10696 CVE-2020-16119 CVE-2021-20206 CVE-2021-22569 CVE-2021-4037 CVE-2021-46848 CVE-2022-1615 CVE-2022-1664 CVE-2022-1941 CVE-2022-20008 CVE-2022-2153 CVE-2022-2503 CVE-2022-2586 CVE-2022-2795 CVE-2022-2928 CVE-2022-2929 CVE-2022-2964 CVE-2022-2978 CVE-2022-2990 CVE-2022-3169 CVE-2022-3171 CVE-2022-3176 CVE-2022-32221 CVE-2022-3239 CVE-2022-32743 CVE-2022-3303 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-3424 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20221119-x86_64-gen2 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3682-1
Released: Fri Oct 21 11:42:40 2022
Summary: Security update for bind
Type: security
Severity: important
References: 1201247,1203614,1203619,1203620,CVE-2022-2795,CVE-2022-38177,CVE-2022-38178

This update for bind fixes the following issues:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Bugfixes:

- Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build 
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, 
multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' 
in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * 
manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3775-1
Released: Wed Oct 26 13:06:35 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292,CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead to a local user being able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). 
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). 
- drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). 
- kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). 
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). 
- scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). 
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). 
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
Older SUSE Linux Enterprise versions don't properly support the ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released: Thu Oct 27 17:19:46 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3900-1
Released: Tue Nov 8 10:47:55 2022
Summary: Recommended update for docker
Type: recommended
Severity: moderate
References: 1200022

This update for docker fixes the following issues:

- Fix a crash-on-start issue with dockerd (bsc#1200022)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket.
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3917-1
Released: Tue Nov 8 16:41:28 2022
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: moderate
References: 1203164,1203181

This update for python-azure-agent fixes the following issues:

- Properly set OS.EnableRDMA flag (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3927-1
Released: Wed Nov 9 14:55:47 2022
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1202021,1202821

This update for runc fixes the following issues:

- Update to runc v1.1.4 (bsc#1202021)
- Fix failed exec after systemctl daemon-reload (bsc#1202821)
- Fix mounting via wrong proc
- Fix 'permission denied' error from runc run on noexec filesystem
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3947-1
Released: Fri Nov 11 09:04:30 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get
access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3955-1
Released: Fri Nov 11 12:24:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743

This update for samba fixes the following issues:

- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released: Tue Nov 15 12:54:11 2022
Summary: Recommended update for python-apipkg
Type: recommended
Severity: moderate
References: 1204145

This update for python3-apipkg fixes the following issues:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3991-1
Released: Tue Nov 15 13:54:13 2022
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929

This update for dhcp fixes the following issues:

- CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988).
- CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released: Wed Nov 16 15:45:13 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl setting works (bsc#1199856)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4044-1
Released: Thu Nov 17 09:07:24 2022
Summary: Security update for python-cryptography, python-cryptography-vectors
Type: security
Severity: important
References: 1101820,1149792,1176785,1177083,CVE-2018-10903

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4053-1 Released: Thu Nov 17 15:35:55 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1032323,1065729,1152489,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203387,1203391,1203496,1203802,1204053,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754,CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-2978,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-42703,CVE-2022-43750 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). 
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). 
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes).
- Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489)
  Backporting notes:
  * context changes
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- struct pci_config_window kABI workaround (bsc#1204382).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes).
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4077-1
Released: Fri Nov 18 15:05:28 2022
Summary: Security update for sudo
Type: security
Severity: important
References: 1190818,1203201,1204986,CVE-2022-43995
This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

The following package changes have been done:

- bind-utils-9.16.6-150300.22.21.2 updated
- curl-7.66.0-150200.4.42.1 updated
- dbus-1-1.12.2-150100.8.14.1 updated
- dhcp-client-4.3.6.P1-150000.6.17.1 updated
- dhcp-4.3.6.P1-150000.6.17.1 updated
- docker-20.10.17_ce-150000.169.1 updated
- iputils-s20161105-150000.8.6.1 updated
- kernel-default-5.3.18-150300.59.101.1 updated
- libbind9-1600-9.16.6-150300.22.21.2 updated
- libblkid1-2.36.2-150300.4.28.1 updated
- libcurl4-7.66.0-150200.4.42.1 updated
- libdbus-1-3-1.12.2-150100.8.14.1 updated
- libdns1605-9.16.6-150300.22.21.2 updated
- libexpat1-2.2.5-150000.3.25.1 updated
- libfdisk1-2.36.2-150300.4.28.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libirs1601-9.16.6-150300.22.21.2 updated
- libisc1606-9.16.6-150300.22.21.2 updated
- libisccc1600-9.16.6-150300.22.21.2 updated
- libisccfg1600-9.16.6-150300.22.21.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libmount1-2.36.2-150300.4.28.1 updated
- libns1604-9.16.6-150300.22.21.2 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.28.1 updated
- libsystemd0-246.16-150300.7.54.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- libudev1-246.16-150300.7.54.1 updated
- libuuid1-2.36.2-150300.4.28.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- nfs-client-2.1.1-150100.10.27.1 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- openssh-server-8.4p1-150300.3.12.2 updated
- openssh-8.4p1-150300.3.12.2 updated
- openssl-1_1-1.1.1d-150200.11.54.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.20.1 updated
- python-azure-agent-2.8.0.11-150100.3.26.1 updated
- python3-apipkg-1.4-150000.3.4.1 updated
- python3-bind-9.16.6-150300.22.21.2 updated
- python3-cryptography-2.9.2-150200.13.1 updated
- python3-iniconfig-1.1.1-150000.1.9.1 updated
- runc-1.1.4-150000.36.1 updated
- samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 updated
- sudo-1.9.5p2-150300.3.13.1 updated
- systemd-sysvinit-246.16-150300.7.54.1 updated
- systemd-246.16-150300.7.54.1 updated
- timezone-2022f-150000.75.15.1 updated
- udev-246.16-150300.7.54.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-systemd-2.36.2-150300.4.28.1 updated
- util-linux-2.36.2-150300.4.28.1 updated
- xen-libs-4.14.5_08-150300.3.40.1 updated

From sle-updates at lists.suse.com Tue Nov 22 08:08:08 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 22 Nov 2022 09:08:08 +0100 (CET)
Subject: SUSE-IU-2022:1134-1: Security update of suse-sles-15-sp3-chost-byos-v20221119-hvm-ssd-x86_64
Message-ID: <20221122080808.F22AAF3CC@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221119-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1134-1
Image Tags : suse-sles-15-sp3-chost-byos-v20221119-hvm-ssd-x86_64:20221119
Image Release :
Severity : critical
Type : security
References : 1027519 1032323 1065729 1087072 1101820 1149792 1152489 1167864 1176785 1177083 1177460 1177471 1180995 1181961 1185032 1190818 1192439 1193923 1194023 1194530 1196444 1196840 1197659 1198702 1199492 1199564 1199856 1199918 1199926 1199927 1199944 1200022 1200102 1200313 1200465 1200622 1200788 1201247 1201309 1201310 1201489 1201645 1201725 1201865 1201959 1201978 1201990 1202021 1202095 1202324 1202341 1202385 1202627 1202638 1202677 1202686 1202700
1202803 1202812 1202821 1202960 1202976 1202984 1203046 1203066 1203098 1203159 1203201 1203290 1203313 1203387 1203389 1203391 1203410 1203424 1203496 1203514 1203552 1203614 1203619 1203620 1203622 1203652 1203681 1203737 1203769 1203770 1203802 1203806 1203807 1203906 1203909 1203911 1203935 1203939 1203987 1203988 1203989 1203992 1204051 1204053 1204059 1204060 1204111 1204112 1204113 1204125 1204137 1204145 1204166 1204168 1204179 1204211 1204256 1204289 1204290 1204291 1204292 1204354 1204355 1204357 1204366 1204367 1204382 1204383 1204402 1204415 1204417 1204431 1204439 1204470 1204479 1204482 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204653 1204690 1204708 1204728 1204753 1204754 1204968 1204986 1205156 CVE-2016-3709 CVE-2018-10903 CVE-2020-10696 CVE-2020-16119 CVE-2021-20206 CVE-2021-22569 CVE-2021-4037 CVE-2021-46848 CVE-2022-1615 CVE-2022-1664 CVE-2022-1941 CVE-2022-20008 CVE-2022-2153 CVE-2022-2503 CVE-2022-2586 CVE-2022-2795 CVE-2022-2928 CVE-2022-2929 CVE-2022-2964 CVE-2022-2978 CVE-2022-2990 CVE-2022-3169 CVE-2022-3171 CVE-2022-3176 CVE-2022-32221 CVE-2022-3239 CVE-2022-32743 CVE-2022-3303 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-3424 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3629 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42703 CVE-2022-42719 
CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20221119-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3682-1
Released: Fri Oct 21 11:42:40 2022
Summary: Security update for bind
Type: security
Severity: important
References: 1201247,1203614,1203619,1203620,CVE-2022-2795,CVE-2022-38177,CVE-2022-38178

This update for bind fixes the following issues:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Bugfixes:

- Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3775-1
Released: Wed Oct 26 13:06:35 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1177471,1185032,1194023,1196444,1197659,1199564,1200313,1200622,1201309,1201310,1201489,1201645,1201865,1201990,1202095,1202341,1202385,1202677,1202960,1202984,1203159,1203290,1203313,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,1204289,1204290,1204291,1204292,CVE-2020-16119,CVE-2022-20008,CVE-2022-2503,CVE-2022-2586,CVE-2022-3169,CVE-2022-3239,CVE-2022-3303,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-40768: Fixed an information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on reception of specific WiFi frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity where device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allowed root to bypass LoadPin and could be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug that allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)

The following non-security bugs were fixed:

- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- JFS: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- JFS: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). 
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released: Thu Oct 27 17:19:46 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3900-1
Released: Tue Nov 8 10:47:55 2022
Summary: Recommended update for docker
Type: recommended
Severity: moderate
References: 1200022

This update for docker fixes the following issues:

- Fix a crash-on-start issue with dockerd (bsc#1200022)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released: Tue Nov 8 10:52:13 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:

- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:

- Fix device binding on ping6 for ICMP datagram socket.
  (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released: Tue Nov 8 13:38:11 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released: Wed Nov 9 09:03:33 2022
Summary: Security update for protobuf
Type: security
Severity: important
References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3927-1
Released: Wed Nov 9 14:55:47 2022
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1202021,1202821

This update for runc fixes the following issues:

- Update to runc v1.1.4 (bsc#1202021)
- Fix failed exec after systemctl daemon-reload (bsc#1202821)
- Fix mounting via wrong proc
- Fix 'permission denied' error from runc run on noexec filesystem

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3947-1
Released: Fri Nov 11 09:04:30 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get
  access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3955-1
Released: Fri Nov 11 12:24:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743

This update for samba fixes the following issues:

- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released: Tue Nov 15 12:54:11 2022
Summary: Recommended update for python-apipkg
Type: recommended
Severity: moderate
References: 1204145

This update for python3-apipkg fixes the following issues:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3991-1
Released: Tue Nov 15 13:54:13 2022
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929

This update for dhcp fixes the following issues:

- CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988).
- CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released: Wed Nov 16 15:45:13 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl setting work (bsc#1199856)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4044-1
Released: Thu Nov 17 09:07:24 2022
Summary: Security update for python-cryptography, python-cryptography-vectors
Type: security
Severity: important
References: 1101820,1149792,1176785,1177083,CVE-2018-10903

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4053-1
Released: Thu Nov 17 15:35:55 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
1032323,1065729,1152489,1198702,1200465,1200788,1201725,1202638,1202686,1202700,1203066,1203098,1203387,1203391,1203496,1203802,1204053,1204166,1204168,1204354,1204355,1204382,1204402,1204415,1204417,1204431,1204439,1204470,1204479,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204653,1204728,1204753,1204754,CVE-2021-4037,CVE-2022-2153,CVE-2022-2964,CVE-2022-2978,CVE-2022-3176,CVE-2022-3424,CVE-2022-3521,CVE-2022-3524,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3621,CVE-2022-3625,CVE-2022-3629,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-39189,CVE-2022-42703,CVE-2022-43750

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).

The following non-security bugs were fixed:

- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). 
- ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). 
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). 
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix 
extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). 
- USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). 
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). 
- drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). 
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). 
- mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). 
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). 
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). 
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). 
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). 
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). 
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4077-1 Released: Fri Nov 18 15:05:28 2022 Summary: Security update for sudo Type: security Severity: important References: 1190818,1203201,1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - bind-utils-9.16.6-150300.22.21.2 updated - curl-7.66.0-150200.4.42.1 updated - dbus-1-1.12.2-150100.8.14.1 updated - dhcp-client-4.3.6.P1-150000.6.17.1 updated - dhcp-4.3.6.P1-150000.6.17.1 updated - docker-20.10.17_ce-150000.169.1 updated - iputils-s20161105-150000.8.6.1 updated - kernel-default-5.3.18-150300.59.101.1 updated - libbind9-1600-9.16.6-150300.22.21.2 updated - libblkid1-2.36.2-150300.4.28.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated - libdns1605-9.16.6-150300.22.21.2 updated - libexpat1-2.2.5-150000.3.25.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libirs1601-9.16.6-150300.22.21.2 updated - libisc1606-9.16.6-150300.22.21.2 updated - libisccc1600-9.16.6-150300.22.21.2 updated - libisccfg1600-9.16.6-150300.22.21.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libmount1-2.36.2-150300.4.28.1 updated - libns1604-9.16.6-150300.22.21.2 updated - libopenssl1_1-1.1.1d-150200.11.54.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libsystemd0-246.16-150300.7.54.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libudev1-246.16-150300.7.54.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libz1-1.2.11-150000.3.36.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - openssh-clients-8.4p1-150300.3.12.2 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - 
openssh-8.4p1-150300.3.12.2 updated - openssl-1_1-1.1.1d-150200.11.54.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20181225-150200.23.20.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-bind-9.16.6-150300.22.21.2 updated - python3-cryptography-2.9.2-150200.13.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - runc-1.1.4-150000.36.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150300.3.40.2 updated - sudo-1.9.5p2-150300.3.13.1 updated - systemd-sysvinit-246.16-150300.7.54.1 updated - systemd-246.16-150300.7.54.1 updated - timezone-2022f-150000.75.15.1 updated - udev-246.16-150300.7.54.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.36.2-150300.4.28.1 updated - util-linux-2.36.2-150300.4.28.1 updated - xen-libs-4.14.5_08-150300.3.40.1 updated - xen-tools-domU-4.14.5_08-150300.3.40.1 updated From sle-updates at lists.suse.com Tue Nov 22 08:36:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:36:39 +0100 (CET) Subject: SUSE-CU-2022:3071-1: Security update of bci/dotnet-aspnet Message-ID: <20221122083639.AB014F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3071-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.36 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.36 Container Release : 42.36 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:38:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:38:35 +0100 (CET) Subject: SUSE-CU-2022:3072-1: Security update of bci/dotnet-aspnet Message-ID: <20221122083835.4D5AAF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3072-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.51 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.51 Container Release : 27.51 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:40:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:40:40 +0100 (CET) Subject: SUSE-CU-2022:3073-1: Security update of bci/dotnet-aspnet Message-ID: <20221122084040.9525AF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3073-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.51 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.51 Container Release : 22.51 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. 
- libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:42:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:42:54 +0100 (CET) Subject: SUSE-CU-2022:3074-1: Security update of bci/dotnet-sdk Message-ID: <20221122084254.14819F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3074-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.34 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.34 Container Release : 47.34 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:44:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:44:44 +0100 (CET) Subject: SUSE-CU-2022:3075-1: Security update of bci/dotnet-sdk Message-ID: <20221122084444.5BEBCF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3075-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.50 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.50 Container Release : 35.50 Severity : important Type : security References : 1177460 1198165 1202324 1204179 1204649 1204968 1205126 1205156 CVE-2022-3821 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for 
libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libsystemd0-249.12-150400.8.13.1 updated - krb5-1.19.2-150400.3.3.1 updated - timezone-2022f-150000.75.15.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:46:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:46:48 +0100 (CET) Subject: SUSE-CU-2022:3076-1: Security update of bci/dotnet-sdk Message-ID: <20221122084648.4FC4BF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3076-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.50 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.50 Container Release : 24.50 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:48:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:48:42 +0100 (CET) Subject: SUSE-CU-2022:3077-1: Security update of bci/dotnet-runtime Message-ID: <20221122084842.344CFF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3077-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.34 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.34 Container Release : 48.34 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:50:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:50:33 +0100 (CET) Subject: SUSE-CU-2022:3078-1: Security update of bci/dotnet-runtime Message-ID: <20221122085033.6E503F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3078-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.50 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.50 Container Release : 34.50 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. 
- libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:52:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:52:19 +0100 (CET) Subject: SUSE-CU-2022:3079-1: Security update of bci/dotnet-runtime Message-ID: <20221122085219.1E115F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3079-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.50 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.50 Container Release : 21.50 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Tue Nov 22 08:54:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 09:54:07 +0100 (CET) Subject: SUSE-CU-2022:3080-1: Recommended update of suse/sle15 Message-ID: <20221122085407.65CD4F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3080-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.17 , suse/sle15:15.4 , suse/sle15:15.4.27.14.17 Container Release : 27.14.17 Severity : moderate Type : recommended References : 1198165 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Nov 22 14:20:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:20:37 +0100 (CET) Subject: SUSE-RU-2022:4162-1: moderate: Recommended update for dracut Message-ID: <20221122142037.A29C8F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4162-1 Rating: moderate References: #1202014 #1203267 #1203368 #1203749 #1203894 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4162=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4162=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4162=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dracut-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debuginfo-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debugsource-055+suse.323.gca0e74f0-150400.3.13.1 dracut-extra-055+suse.323.gca0e74f0-150400.3.13.1 dracut-fips-055+suse.323.gca0e74f0-150400.3.13.1 dracut-ima-055+suse.323.gca0e74f0-150400.3.13.1 dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 dracut-tools-055+suse.323.gca0e74f0-150400.3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dracut-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debuginfo-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debugsource-055+suse.323.gca0e74f0-150400.3.13.1 dracut-fips-055+suse.323.gca0e74f0-150400.3.13.1 dracut-ima-055+suse.323.gca0e74f0-150400.3.13.1 dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): dracut-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debuginfo-055+suse.323.gca0e74f0-150400.3.13.1 dracut-debugsource-055+suse.323.gca0e74f0-150400.3.13.1 dracut-fips-055+suse.323.gca0e74f0-150400.3.13.1 dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 References: https://bugzilla.suse.com/1202014 https://bugzilla.suse.com/1203267 https://bugzilla.suse.com/1203368 https://bugzilla.suse.com/1203749 https://bugzilla.suse.com/1203894 From sle-updates at lists.suse.com Tue Nov 22 14:21:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:21:38 +0100 (CET) Subject: SUSE-RU-2022:4164-1: moderate: Recommended update for PackageKit Message-ID: 
<20221122142138.7522DF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4164-1 Rating: moderate References: #1199895 #1202585 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for PackageKit fixes the following issues: - Ensure that package locks are honored (bsc#1199895): * Avoid clearing status information on locked packages * Check if packages are locked before attempting to remove them * Don't refresh repos before searching * Update libzypp dependency version to 17.31.0 * Restore pool status after simulating an update - Add repository data in the package id (bsc#1202585) - Implement upgrade-system method in openSUSE Leap (not supported in SUSE Linux Enterprise) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4164=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4164=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4164=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): PackageKit-1.2.4-150400.3.6.1 PackageKit-backend-dnf-1.2.4-150400.3.6.1 PackageKit-backend-dnf-debuginfo-1.2.4-150400.3.6.1 PackageKit-backend-zypp-1.2.4-150400.3.6.1 PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.6.1 PackageKit-debuginfo-1.2.4-150400.3.6.1 PackageKit-debugsource-1.2.4-150400.3.6.1 PackageKit-devel-1.2.4-150400.3.6.1 PackageKit-devel-debuginfo-1.2.4-150400.3.6.1 PackageKit-gstreamer-plugin-1.2.4-150400.3.6.1 PackageKit-gstreamer-plugin-debuginfo-1.2.4-150400.3.6.1 PackageKit-gtk3-module-1.2.4-150400.3.6.1 PackageKit-gtk3-module-debuginfo-1.2.4-150400.3.6.1 libpackagekit-glib2-18-1.2.4-150400.3.6.1 libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.6.1 libpackagekit-glib2-devel-1.2.4-150400.3.6.1 typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.6.1 - openSUSE Leap 15.4 (x86_64): libpackagekit-glib2-18-32bit-1.2.4-150400.3.6.1 libpackagekit-glib2-18-32bit-debuginfo-1.2.4-150400.3.6.1 libpackagekit-glib2-devel-32bit-1.2.4-150400.3.6.1 - openSUSE Leap 15.4 (noarch): PackageKit-branding-upstream-1.2.4-150400.3.6.1 PackageKit-lang-1.2.4-150400.3.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): PackageKit-debuginfo-1.2.4-150400.3.6.1 PackageKit-debugsource-1.2.4-150400.3.6.1 PackageKit-gstreamer-plugin-1.2.4-150400.3.6.1 PackageKit-gstreamer-plugin-debuginfo-1.2.4-150400.3.6.1 PackageKit-gtk3-module-1.2.4-150400.3.6.1 PackageKit-gtk3-module-debuginfo-1.2.4-150400.3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): PackageKit-1.2.4-150400.3.6.1 
PackageKit-backend-zypp-1.2.4-150400.3.6.1 PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.6.1 PackageKit-debuginfo-1.2.4-150400.3.6.1 PackageKit-debugsource-1.2.4-150400.3.6.1 PackageKit-devel-1.2.4-150400.3.6.1 PackageKit-devel-debuginfo-1.2.4-150400.3.6.1 libpackagekit-glib2-18-1.2.4-150400.3.6.1 libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.6.1 libpackagekit-glib2-devel-1.2.4-150400.3.6.1 typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): PackageKit-lang-1.2.4-150400.3.6.1 References: https://bugzilla.suse.com/1199895 https://bugzilla.suse.com/1202585 From sle-updates at lists.suse.com Tue Nov 22 14:22:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:22:35 +0100 (CET) Subject: SUSE-SU-2022:4167-1: important: Security update for krb5 Message-ID: <20221122142235.7020CF3E2@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4167-1 Rating: important References: #1205126 Cross-References: CVE-2022-42898 CVSS scores: CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4167=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4167=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4167=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4167=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4167=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4167=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): krb5-1.19.2-150300.7.7.1 krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): krb5-1.19.2-150300.7.7.1 krb5-client-1.19.2-150300.7.7.1 krb5-client-debuginfo-1.19.2-150300.7.7.1 krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 krb5-devel-1.19.2-150300.7.7.1 krb5-mini-1.19.2-150300.7.7.1 krb5-mini-debuginfo-1.19.2-150300.7.7.1 krb5-mini-debugsource-1.19.2-150300.7.7.1 krb5-mini-devel-1.19.2-150300.7.7.1 krb5-plugin-kdb-ldap-1.19.2-150300.7.7.1 krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.7.7.1 krb5-plugin-preauth-otp-1.19.2-150300.7.7.1 krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.7.7.1 krb5-plugin-preauth-pkinit-1.19.2-150300.7.7.1 krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.7.7.1 krb5-plugin-preauth-spake-1.19.2-150300.7.7.1 krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.7.7.1 krb5-server-1.19.2-150300.7.7.1 krb5-server-debuginfo-1.19.2-150300.7.7.1 - openSUSE Leap 15.3 (x86_64): 
krb5-32bit-1.19.2-150300.7.7.1 krb5-32bit-debuginfo-1.19.2-150300.7.7.1 krb5-devel-32bit-1.19.2-150300.7.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 krb5-plugin-kdb-ldap-1.19.2-150300.7.7.1 krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.7.7.1 krb5-server-1.19.2-150300.7.7.1 krb5-server-debuginfo-1.19.2-150300.7.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.19.2-150300.7.7.1 krb5-client-1.19.2-150300.7.7.1 krb5-client-debuginfo-1.19.2-150300.7.7.1 krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 krb5-devel-1.19.2-150300.7.7.1 krb5-plugin-preauth-otp-1.19.2-150300.7.7.1 krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.7.7.1 krb5-plugin-preauth-pkinit-1.19.2-150300.7.7.1 krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.7.7.1 krb5-plugin-preauth-spake-1.19.2-150300.7.7.1 krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.7.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): krb5-32bit-1.19.2-150300.7.7.1 krb5-32bit-debuginfo-1.19.2-150300.7.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): krb5-1.19.2-150300.7.7.1 krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): krb5-1.19.2-150300.7.7.1 krb5-debuginfo-1.19.2-150300.7.7.1 krb5-debugsource-1.19.2-150300.7.7.1 References: https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1205126 From sle-updates at lists.suse.com Tue Nov 22 14:23:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:23:36 +0100 (CET) Subject: SUSE-RU-2022:4160-1: moderate: Recommended update for nfsidmap Message-ID: <20221122142336.D6466F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfsidmap 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4160-1 Rating: moderate References: #1200901 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfsidmap fixes the following issues: - Various bugfixes and improvements from upstream. In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4160=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4160=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4160=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4160=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4160=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4160=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4160=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4160=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 nfsidmap-devel-0.26-150000.3.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 nfsidmap-devel-0.26-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 nfsidmap-devel-0.26-150000.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 nfsidmap-devel-0.26-150000.3.7.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): 
nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nfsidmap-0.26-150000.3.7.1 nfsidmap-debuginfo-0.26-150000.3.7.1 nfsidmap-debugsource-0.26-150000.3.7.1 References: https://bugzilla.suse.com/1200901 From sle-updates at lists.suse.com Tue Nov 22 14:24:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:24:31 +0100 (CET) Subject: SUSE-RU-2022:4165-1: moderate: Recommended update for kiwi Message-ID: <20221122142431.D06FFF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4165-1 Rating: moderate References: #1203486 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issues: - Improve wicked dhcp query handling by allowing it to try up to 5 times in the attempt to get an IP address (bsc#1203486) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4165=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4165=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.53-2.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kiwi-7.04.53-2.24.1 kiwi-desc-oemboot-7.04.53-2.24.1 kiwi-desc-vmxboot-7.04.53-2.24.1 kiwi-templates-7.04.53-2.24.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.53-2.24.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kiwi-desc-isoboot-7.04.53-2.24.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kiwi-doc-7.04.53-2.24.1 References: https://bugzilla.suse.com/1203486 From sle-updates at lists.suse.com Tue Nov 22 14:25:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:25:46 +0100 (CET) Subject: SUSE-SU-2022:4166-1: important: Security update for java-1_8_0-ibm Message-ID: <20221122142546.1A729F3E2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4166-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 #1202427 #1204468 #1204471 #1204472 #1204473 #1204475 #1204480 #1205302 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-34169 CVE-2022-39399 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager 
Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 10 vulnerabilities and has two fixes is now available.

Description:

This update for java-1_8_0-ibm fixes the following issues:

- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
- CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
- CVE-2022-34169: Fixed an integer truncation issue in Xalan (bsc#1201684).
- CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).

- Update to Java 8.0 Service Refresh 7 Fix Pack 20.
  * Security:
    - The IBM ORB Does Not Support Object-Serialisation Data Filtering
    - Large Allocation In CipherSuite
    - Avoid Evaluating Sslalgorithmconstraints Twice
    - Cache The Results Of Constraint Checks
    - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
    - Disable SHA-1 Signed Jars For Ea
    - JSSE Performance Improvement
    - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
  * Java 8/Orb:
    - Upgrade ibmcfw.jar To Version o2228.02
  * Class Libraries:
    - Crash In Libjsor.So During An Rdma Failover
    - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
    - Update Timezone Information To The Latest tzdata2022c
  * Jit Compiler:
    - Crash During JIT Compilation
    - Incorrect JIT Optimization Of Java Code
    - Incorrect Return From Class.isArray()
    - Unexpected ClassCastException
    - Performance Regression When Calling VM Helper Code On X86
  * X/Os Extensions:
    - Add RSA-OAEP Cipher Function To IBMJCECCA

- Update to Java 8.0 Service Refresh 7 Fix Pack 16
  * Java Virtual Machine
    - Assertion failure at ClassLoaderRememberedSet.cpp
    - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
    - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
  * JIT Compiler:
    - Incorrect JIT optimization of Java code
    - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
  * Reliability and Serviceability:
    - javacore with "kill -3" SIGQUIT signal freezes Java process

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4166=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4166=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4166=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4166=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4166=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4166=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4166=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4166=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4166=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4166=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4166=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4166=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4166=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4166=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4166=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4166=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-demo-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-src-1.8.0_sr7.20-150000.3.65.1 - openSUSE Leap 15.4 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-demo-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-src-1.8.0_sr7.20-150000.3.65.1 - openSUSE Leap 15.3 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Manager Server 4.1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for 
SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64): 
java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-21618.html https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-34169.html https://www.suse.com/security/cve/CVE-2022-39399.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 https://bugzilla.suse.com/1202427 https://bugzilla.suse.com/1204468 https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204480 https://bugzilla.suse.com/1205302 From sle-updates at lists.suse.com Tue Nov 22 14:27:54 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 22 Nov 2022 15:27:54 +0100 (CET) Subject: SUSE-SU-2022:4159-1: moderate: Security update for strongswan Message-ID: <20221122142754.76B67F3E2@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4159-1 Rating: moderate References: #1203556 Cross-References: CVE-2022-40617 CVSS scores: CVE-2022-40617 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40617 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4159=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4159=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4159=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4159=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150200.11.30.1 strongswan-debuginfo-5.8.2-150200.11.30.1 strongswan-debugsource-5.8.2-150200.11.30.1 strongswan-hmac-5.8.2-150200.11.30.1 strongswan-ipsec-5.8.2-150200.11.30.1 strongswan-ipsec-debuginfo-5.8.2-150200.11.30.1 strongswan-libs0-5.8.2-150200.11.30.1 strongswan-libs0-debuginfo-5.8.2-150200.11.30.1 strongswan-mysql-5.8.2-150200.11.30.1 strongswan-mysql-debuginfo-5.8.2-150200.11.30.1 strongswan-nm-5.8.2-150200.11.30.1 strongswan-nm-debuginfo-5.8.2-150200.11.30.1 strongswan-sqlite-5.8.2-150200.11.30.1 strongswan-sqlite-debuginfo-5.8.2-150200.11.30.1 - openSUSE Leap 15.3 (noarch): strongswan-doc-5.8.2-150200.11.30.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): strongswan-debuginfo-5.8.2-150200.11.30.1 strongswan-debugsource-5.8.2-150200.11.30.1 strongswan-nm-5.8.2-150200.11.30.1 strongswan-nm-debuginfo-5.8.2-150200.11.30.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-150200.11.30.1 strongswan-debugsource-5.8.2-150200.11.30.1 strongswan-nm-5.8.2-150200.11.30.1 strongswan-nm-debuginfo-5.8.2-150200.11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150200.11.30.1 strongswan-debuginfo-5.8.2-150200.11.30.1 strongswan-debugsource-5.8.2-150200.11.30.1 strongswan-hmac-5.8.2-150200.11.30.1 strongswan-ipsec-5.8.2-150200.11.30.1 
strongswan-ipsec-debuginfo-5.8.2-150200.11.30.1 strongswan-libs0-5.8.2-150200.11.30.1 strongswan-libs0-debuginfo-5.8.2-150200.11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): strongswan-doc-5.8.2-150200.11.30.1 References: https://www.suse.com/security/cve/CVE-2022-40617.html https://bugzilla.suse.com/1203556 From sle-updates at lists.suse.com Tue Nov 22 14:28:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 15:28:43 +0100 (CET) Subject: SUSE-RU-2022:4163-1: moderate: Recommended update for dracut Message-ID: <20221122142843.0427AF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4163-1 Rating: moderate References: #1187654 #1195618 #1203267 #1203749 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for dracut fixes the following issues: - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) - drm: consider also drm_dev_register when looking for gpu driver (bsc#1195618) - integrity: do not display any error if there is no IMA certificate (bsc#1187654) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4163=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4163=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4163=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4163=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debuginfo-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debugsource-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-fips-049.1+suse.247.gfb7df05c-150200.3.63.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debuginfo-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debugsource-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-extra-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-fips-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-ima-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-tools-049.1+suse.247.gfb7df05c-150200.3.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debuginfo-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debugsource-049.1+suse.247.gfb7df05c-150200.3.63.1 
dracut-fips-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-ima-049.1+suse.247.gfb7df05c-150200.3.63.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debuginfo-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debugsource-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-fips-049.1+suse.247.gfb7df05c-150200.3.63.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debuginfo-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-debugsource-049.1+suse.247.gfb7df05c-150200.3.63.1 dracut-fips-049.1+suse.247.gfb7df05c-150200.3.63.1 References: https://bugzilla.suse.com/1187654 https://bugzilla.suse.com/1195618 https://bugzilla.suse.com/1203267 https://bugzilla.suse.com/1203749 From sle-updates at lists.suse.com Tue Nov 22 17:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 18:20:01 +0100 (CET) Subject: SUSE-SU-2022:4170-1: Security update for colord Message-ID: <20221122172001.AFE4AF3CC@maintenance.suse.de> SUSE Security Update: Security update for colord ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4170-1 Rating: low References: #1202802 Cross-References: CVE-2021-42523 CVSS scores: CVE-2021-42523 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42523 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 
openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for colord fixes the following issues: - CVE-2021-42523: Fixed small memory leak in sqlite3_exec (bsc#1202802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4170=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4170=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4170=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4170=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4170=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4170=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 libcolord2-1.4.4-150200.4.6.1 libcolord2-debuginfo-1.4.4-150200.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): colord-1.4.4-150200.4.6.1 colord-color-profiles-1.4.4-150200.4.6.1 colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 libcolord-devel-1.4.4-150200.4.6.1 libcolord2-1.4.4-150200.4.6.1 libcolord2-debuginfo-1.4.4-150200.4.6.1 libcolorhug2-1.4.4-150200.4.6.1 libcolorhug2-debuginfo-1.4.4-150200.4.6.1 typelib-1_0-Colord-1_0-1.4.4-150200.4.6.1 typelib-1_0-Colorhug-1_0-1.4.4-150200.4.6.1 - openSUSE Leap 15.3 (x86_64): libcolord2-32bit-1.4.4-150200.4.6.1 libcolord2-32bit-debuginfo-1.4.4-150200.4.6.1 - openSUSE Leap 15.3 (noarch): colord-lang-1.4.4-150200.4.6.1 - SUSE Linux Enterprise Workstation Extension 
15-SP3 (x86_64): colord-1.4.4-150200.4.6.1 colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): colord-lang-1.4.4-150200.4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): colord-color-profiles-1.4.4-150200.4.6.1 colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 libcolord-devel-1.4.4-150200.4.6.1 libcolorhug2-1.4.4-150200.4.6.1 libcolorhug2-debuginfo-1.4.4-150200.4.6.1 typelib-1_0-Colord-1_0-1.4.4-150200.4.6.1 typelib-1_0-Colorhug-1_0-1.4.4-150200.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 libcolord2-1.4.4-150200.4.6.1 libcolord2-debuginfo-1.4.4-150200.4.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): colord-debuginfo-1.4.4-150200.4.6.1 colord-debugsource-1.4.4-150200.4.6.1 libcolord2-1.4.4-150200.4.6.1 libcolord2-debuginfo-1.4.4-150200.4.6.1 References: https://www.suse.com/security/cve/CVE-2021-42523.html https://bugzilla.suse.com/1202802 From sle-updates at lists.suse.com Tue Nov 22 17:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 18:20:46 +0100 (CET) Subject: SUSE-SU-2022:4168-1: Security update for redis Message-ID: <20221122172046.3C4DBF3CC@maintenance.suse.de> SUSE Security Update: Security update for redis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4168-1 Rating: low References: #1204633 Cross-References: CVE-2022-3647 CVSS scores: CVE-2022-3647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3647 (SUSE): 0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux 
Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for redis fixes the following issues: - CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4168=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4168=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.6.1 redis-debuginfo-6.2.6-150400.3.6.1 redis-debugsource-6.2.6-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.6.1 redis-debuginfo-6.2.6-150400.3.6.1 redis-debugsource-6.2.6-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-3647.html https://bugzilla.suse.com/1204633 From sle-updates at lists.suse.com Tue Nov 22 17:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 18:21:23 +0100 (CET) Subject: SUSE-SU-2022:4169-1: Security update for redis Message-ID: <20221122172123.111E2F3CC@maintenance.suse.de> SUSE Security Update: Security update for redis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4169-1 Rating: low References: #1204633 Cross-References: CVE-2022-3647 CVSS scores: CVE-2022-3647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3647 (SUSE): 0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE 
Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for redis fixes the following issues: - CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4169=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4169=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): redis-6.0.14-150200.6.14.1 redis-debuginfo-6.0.14-150200.6.14.1 redis-debugsource-6.0.14-150200.6.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): redis-6.0.14-150200.6.14.1 redis-debuginfo-6.0.14-150200.6.14.1 redis-debugsource-6.0.14-150200.6.14.1 References: https://www.suse.com/security/cve/CVE-2022-3647.html https://bugzilla.suse.com/1204633 From sle-updates at lists.suse.com Tue Nov 22 20:19:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:19:33 +0100 (CET) Subject: SUSE-SU-2022:4185-1: moderate: Security update for strongswan Message-ID: <20221122201933.C1A79F3E2@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4185-1 Rating: moderate References: 
#1203556 Cross-References: CVE-2022-40617 CVSS scores: CVE-2022-40617 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40617 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4185=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): strongswan-5.1.3-26.23.1 strongswan-debugsource-5.1.3-26.23.1 strongswan-hmac-5.1.3-26.23.1 strongswan-ipsec-5.1.3-26.23.1 strongswan-ipsec-debuginfo-5.1.3-26.23.1 strongswan-libs0-5.1.3-26.23.1 strongswan-libs0-debuginfo-5.1.3-26.23.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): strongswan-doc-5.1.3-26.23.1 References: https://www.suse.com/security/cve/CVE-2022-40617.html https://bugzilla.suse.com/1203556 From sle-updates at lists.suse.com Tue Nov 22 20:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:20:15 +0100 (CET) Subject: SUSE-RU-2022:4180-1: moderate: Recommended update for release-notes-sles Message-ID: <20221122202015.E73CAF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4180-1 Rating: moderate References: #1203221 #933411 PED-1590 SLE-13241 SLE-23312 SLE-3193 Affected Products: SUSE CaaS Platform 4.0 
SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has two recommended fixes and contains four features can now be installed. Description: This update for release-notes-sles fixes the following issues: Update release notes from version 15.1.20211130 to version 15.1.20220930 (bsc#933411): - Updated Java lifecycle (jsc#PED-1590) - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about ODBC driver location (jsc#SLE-13241) - Removed ICMP section because it's not true anymore (bsc#1203221) - Added note about 32-bit components (jsc#SLE-3193) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4180=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4180=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4180=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-4180=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4180=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 - SUSE Enterprise Storage 6 (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 - SUSE CaaS Platform 4.0 (noarch): release-notes-sles-15.1.20220930-150100.3.28.1 References: https://bugzilla.suse.com/1203221 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:21:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:21:09 +0100 (CET) Subject: SUSE-RU-2022:4182-1: moderate: Recommended update for release-notes-sles Message-ID: <20221122202109.BCABEF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4182-1 Rating: moderate References: #1201266 #1201370 #1201709 #1202115 #1203256 #1203259 #1203461 #1203527 #1203528 #1203781 #933411 PED-1590 SLE-20484 SLE-21233 SLE-21491 SLE-21511 SLE-21779 SLE-22902 SLE-23312 SLE-23694 SLE-24526 SLE-24988 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 11 recommended fixes and contains 11 features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about global crypto policies (bsc#1203781) - Added note about PHP7 (bsc#1203461) - Added note about removal of bind-chrootenv (bsc#1201266) - Added note about SUSEConnect tracking (jsc#SLE-24988) - Added AWS Graviton3 (jsc#SLE-24526) - Updated wording of ULP note (bsc#1203528) - Fixed broken link (bsc#1203527) - Fixed incorrect information about ODBC driver location (bsc#1203256) - Fixed spelling of SUSEConnect and suseconnect-ng (bsc#1203259) - Updated Java lifecycle (jsc#PED-1590) - Added note about zypper async downloads (jsc#SLE-20484) - Added note about Eclipse removal (jsc#SLE-23694) - Added note about nodejs16 addition (jsc#SLE-21779) - Added note about nodejs-common update (jsc#SLE-21233) - Added note about cloud-init 21.3 (jsc#SLE-22902) - Added note about GUI apps under WSL (jsc#SLE-21511) - Added note about AMX (jsc#SLE-21491) - Added note about Tomoyo (bsc#1202115) - Updated PHP 8 note to refer to version 8.0.10 (bsc#1201709) - Updated wording around list of updated packages/modules (bsc#1201370) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4182=1 - SUSE Linux Enterprise Server 15-SP4: zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-2022-4182=1 - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2022-4182=1 Package List: - openSUSE Leap 15.4 (noarch): release-notes-sles-15.4.20220930-150400.3.7.1 - SUSE Linux Enterprise Server 15-SP4 (noarch): release-notes-sles-15.4.20220930-150400.3.7.1 - SUSE Linux Enterprise Installer 15-SP4 (noarch): release-notes-sles-15.4.20220930-150400.3.7.1 References: https://bugzilla.suse.com/1201266 https://bugzilla.suse.com/1201370 https://bugzilla.suse.com/1201709 https://bugzilla.suse.com/1202115 https://bugzilla.suse.com/1203256 https://bugzilla.suse.com/1203259 https://bugzilla.suse.com/1203461 https://bugzilla.suse.com/1203527 https://bugzilla.suse.com/1203528 https://bugzilla.suse.com/1203781 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:22:30 +0100 (CET) Subject: SUSE-RU-2022:4184-1: Recommended update for release-notes-sle-micro Message-ID: <20221122202230.5CA24F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle-micro ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4184-1 Rating: low References: Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for release-notes-sle-micro fixes the following issues: - Add links to 5.1 docs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4184=1 Package List: - SUSE Linux Enterprise Micro 5.1 (noarch): release-notes-sle-micro-5.1.20220901-150300.3.6.1 References: From sle-updates at lists.suse.com Tue Nov 22 20:23:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:23:00 +0100 (CET) Subject: SUSE-RU-2022:4171-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <20221122202300.8E364F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4171-1 Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for HPC 15-SP4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sle_hpc fixes the following issues: Version update of release notes from 15.4.20220831 to 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-4171=1 - SUSE Linux Enterprise High Performance Computing 15-SP4: zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-2022-4171=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP4 (noarch): release-notes-sle_hpc-15.400000000.20220930-150400.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP4 (noarch): release-notes-sle_hpc-15.400000000.20220930-150400.3.6.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:23:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:23:40 +0100 (CET) Subject: SUSE-RU-2022:4181-1: moderate: Recommended update for release-notes-sles Message-ID: <20221122202340.4BFFEF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4181-1 Rating: moderate References: #1176440 #1194837 #1200646 #933411 PED-1590 SLE-22133 SLE-22144 SLE-23312 SLE-23330 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has four recommended fixes and contains 5 features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: Update release notes from version 15.3.20220407 to version 15.3.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about BCI minimal container (jsc#SLE-22133) - Added note about BCI containers (jsc#SLE-22144) - Added note about XFS V4 filesystem (bsc#1200646) - Updated Java lifecycle (jsc#PED-1590) - Added note about schedutil (bsc#1176440) - Added note about insserv-compat migration failure (bsc#1194837) - Added note about Samba 4.15 (jsc#SLE-23330) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4181=1 - SUSE Linux Enterprise Server 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2022-4181=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-4181=1 Package List: - openSUSE Leap 15.3 (noarch): release-notes-sles-15.3.20220930-150300.3.29.1 - SUSE Linux Enterprise Server 15-SP3 (noarch): release-notes-sles-15.3.20220930-150300.3.29.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): release-notes-sles-15.3.20220930-150300.3.29.1 References: https://bugzilla.suse.com/1176440 https://bugzilla.suse.com/1194837 https://bugzilla.suse.com/1200646 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:24:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:24:33 +0100 (CET) Subject: SUSE-RU-2022:4178-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20221122202433.82AD3F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4178-1 
Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: Update release notes from version 20220712 to version 15.3.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-4178=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): release-notes-sles-for-sap-15.3.20220930-150300.3.18.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:25:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:25:19 +0100 (CET) Subject: SUSE-RU-2022:4177-1: moderate: Recommended update for release-notes-sles Message-ID: <20221122202519.49E0FF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4177-1 Rating: moderate References: #1203221 #933411 PED-1590 SLE-23312 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 
Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for release-notes-sles fixes the following issues: Update release notes from version 15.2.20220614 to version 15.2.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Removed ICMP section because it's not true anymore (bsc#1203221) - Updated Java lifecycle (jsc#PED-1590) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4177=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4177=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4177=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4177=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4177=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-4177=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4177=1 Package List: - SUSE Manager Server 4.1 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Manager Retail Branch Server 4.1 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Manager Proxy 4.1 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): 
release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 - SUSE Enterprise Storage 7 (noarch): release-notes-sles-15.2.20220930-150200.3.41.1 References: https://bugzilla.suse.com/1203221 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:26:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:26:11 +0100 (CET) Subject: SUSE-RU-2022:4174-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <20221122202611.477AFF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4174-1 Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sle_hpc fixes the following issues: Update release notes from version 15.3.20220831 to version 15.3.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-4174=1 - SUSE Linux Enterprise High Performance Computing 15-SP3: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-2022-4174=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): release-notes-sle_hpc-15.300000000.20220930-150300.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP3 (noarch): release-notes-sle_hpc-15.300000000.20220930-150300.3.6.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:26:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:26:45 +0100 (CET) Subject: SUSE-RU-2022:4173-1: moderate: Recommended update for release-notes-sle_rt Message-ID: <20221122202645.97D47F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_rt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4173-1 Rating: moderate References: #933411 SLE-23312 SLE-24923 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP4 SUSE Linux Enterprise Real Time 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP4 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for release-notes-sle_rt fixes the following issues: Update release notes from version 15.4.20220802 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added disable C-states in what's new section (jsc#SLE-24923) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2022-4173=1 - SUSE Linux Enterprise Module for Realtime 15-SP4: zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2022-4173=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP4 (noarch): release-notes-sle_rt-15.4.20220930-150400.3.3.1 - SUSE Linux Enterprise Module for Realtime 15-SP4 (noarch): release-notes-sle_rt-15.4.20220930-150400.3.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:27:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:27:18 +0100 (CET) Subject: SUSE-RU-2022:4176-1: moderate: Recommended update for release-notes-sled Message-ID: <20221122202718.C9A4FF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4176-1 Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sled fixes the following issues: Update release notes from version 15.4.20220511 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4176=1 - SUSE Linux Enterprise Desktop 15-SP4: zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-2022-4176=1 Package List: - openSUSE Leap 15.4 (noarch): release-notes-sled-15.4.20220930-150400.3.3.1 - SUSE Linux Enterprise Desktop 15-SP4 (noarch): release-notes-sled-15.4.20220930-150400.3.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:27:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:27:55 +0100 (CET) Subject: SUSE-RU-2022:4183-1: Recommended update for release-notes-sle-micro Message-ID: <20221122202755.19100F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle-micro ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4183-1 Rating: low References: Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for release-notes-sle-micro fixes the following issues: - Improve wording Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4183=1 Package List: - SUSE Linux Enterprise Micro 5.2 (noarch): release-notes-sle-micro-5.2.20220901-150300.3.3.1 References: From sle-updates at lists.suse.com Tue Nov 22 20:28:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:28:23 +0100 (CET) Subject: SUSE-RU-2022:4172-1: moderate: Recommended update for release-notes-sled Message-ID: <20221122202823.A3C59F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4172-1 Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sled fixes the following issues: Version update of release notes from 15.3.20220831 to 15.3.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4172=1 - SUSE Linux Enterprise Desktop 15-SP3: zypper in -t patch SUSE-SLE-Product-SLED-15-SP3-2022-4172=1 Package List: - openSUSE Leap 15.3 (noarch): release-notes-sled-15.3.20220930-150300.3.9.1 - SUSE Linux Enterprise Desktop 15-SP3 (noarch): release-notes-sled-15.3.20220930-150300.3.9.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:29:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:29:02 +0100 (CET) Subject: SUSE-RU-2022:4179-1: moderate: Recommended update for release-notes-sles Message-ID: <20221122202902.8FB41F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4179-1 Rating: moderate References: #1203221 #933411 PED-1590 SLE-13244 SLE-23312 Affected Products: SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes and contains three features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: Update release notes from version 15.0.20220318 to version 15.0.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about ODBC driver location (jsc#SLE-13244) - Removed ICMP section because it's not true anymore (bsc#1203221) - Updated Java lifecycle (jsc#PED-1590) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4179=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4179=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-4179=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): release-notes-sles-15.0.20220930-150000.3.35.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): release-notes-sles-15.0.20220930-150000.3.35.1 - SUSE Linux Enterprise Installer 15 (noarch): release-notes-sles-15.0.20220930-150000.3.35.1 References: https://bugzilla.suse.com/1203221 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 22 20:29:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Nov 2022 21:29:44 +0100 (CET) Subject: SUSE-RU-2022:4175-1: moderate: Recommended update for release-notes-sle_rt Message-ID: <20221122202944.861C3F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_rt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4175-1 Rating: moderate References: #933411 SLE-23312 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 
______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sle_rt fixes the following issues: Update release notes from version 15.3.20220422 to version 15.3.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4175=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-4175=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): release-notes-sle_rt-15.3.20220930-150300.3.6.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): release-notes-sle_rt-15.3.20220930-150300.3.6.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Nov 23 08:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 09:19:15 +0100 (CET) Subject: SUSE-RU-2022:4188-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20221123081915.CAE76F3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4188-1 Rating: moderate References: #1201401 #933411 SLE-23312 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. 
Description: This update for release-notes-sles-for-sap fixes the following issues: Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about deprecating sapwmp (bsc#1201401) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-4188=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): release-notes-sles-for-sap-15.4.20220930-150400.3.6.1 References: https://bugzilla.suse.com/1201401 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Nov 23 08:19:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 09:19:59 +0100 (CET) Subject: SUSE-RU-2022:4187-1: moderate: Recommended update for release-notes-sles Message-ID: <20221123081959.E72F1F3CC@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4187-1 Rating: moderate References: #933411 PED-2073 SLE-23312 SLE-24441 SLE-5601 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server Installer 12-SP5 ______________________________________________________________________________ An update that has one recommended fix and contains four features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: Update release notes from version 12.5.20220718 to version 12.5.20220930 (bsc#933411): - Added note about /var/run volatility (jsc#SLE-5601) - Added note about SUSEConnect tracking (jsc#SLE-23312) - Updated LibreOffice note (jsc#SLE-24441) - Updated Java 1.7 lifecycle (jsc#PED-2073) - Updated Java lifecycle (jsc#PED-2073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2022-4187=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4187=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20220930-3.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20220930-3.34.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Nov 23 08:41:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 09:41:52 +0100 (CET) Subject: SUSE-CU-2022:3083-1: Recommended update of suse/sles12sp4 Message-ID: <20221123084152.DD1DFF3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3083-1 Container Tags : suse/sles12sp4:26.532 , suse/sles12sp4:latest Container Release : 26.532 Severity : moderate Type : recommended References : 1084542 1142050 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4161-1 Released: Tue Nov 22 10:54:46 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1084542,1142050 This update for augeas fixes the following issues: - Recognize fudge flags in ntp lens (bsc#1142050) - Fix issues with build time tests (bsc#1084542) The following package changes have been done: - base-container-licenses-3.0-1.327 updated - libaugeas0-1.2.0-17.12.1 updated From sle-updates at lists.suse.com Wed Nov 23 09:09:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:09:02 +0100 (CET) Subject: SUSE-CU-2022:3087-1: Security update of bci/python Message-ID: <20221123090902.F1C83F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3087-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.43 Container Release : 20.43 Severity : important Type : security References : 1177460 1199944 1202324 1204649 1204886 1205156 1205244 CVE-2022-1664 CVE-2022-42919 CVE-2022-45061 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4071-1 Released: Fri Nov 18 13:05:48 2022 Summary: Security update for python39 Type: security Severity: important References: 1204886,1205244,CVE-2022-42919,CVE-2022-45061 This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). 
- Update to 3.9.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - krb5-1.19.2-150300.7.7.1 updated - libpython3_9-1_0-3.9.15-150300.4.21.1 updated - python39-base-3.9.15-150300.4.21.1 updated - python39-3.9.15-150300.4.21.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-17.20.74 updated From sle-updates at lists.suse.com Wed Nov 23 09:10:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:10:53 +0100 (CET) Subject: SUSE-CU-2022:3088-1: Security update of suse/389-ds Message-ID: <20221123091053.BF441F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3088-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.51 , suse/389-ds:latest Container Release : 17.51 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - krb5-client-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:23:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:23:32 +0100 (CET) Subject: SUSE-CU-2022:3095-1: Security update of bci/golang Message-ID: <20221123092332.5D5DCF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3095-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.94 Container Release : 29.94 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). 
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:25:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:25:14 +0100 (CET) Subject: SUSE-CU-2022:3096-1: Security update of bci/golang Message-ID: <20221123092514.241E6F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3096-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.38 , bci/golang:latest Container Release : 18.38 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. 
Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. 
These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:27:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:27:06 +0100 (CET) Subject: SUSE-CU-2022:3097-1: Security update of bci/bci-init Message-ID: <20221123092706.3A680F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3097-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.39 , bci/bci-init:latest Container Release : 24.39 Severity : important Type : security References : 1177460 1198165 1199944 1202324 1204649 1205126 1205156 CVE-2022-1664 CVE-2022-42898 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:28:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:28:17 +0100 (CET) Subject: SUSE-CU-2022:3098-1: Security update of bci/nodejs Message-ID: <20221123092817.2F348F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3098-1 Container Tags : bci/node:16 , bci/node:16-11.36 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.36 , bci/nodejs:latest Container Release : 11.36 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:31:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:31:44 +0100 (CET) Subject: SUSE-CU-2022:3099-1: Security update of bci/openjdk-devel Message-ID: <20221123093144.6549FF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3099-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.80 , bci/openjdk-devel:latest Container Release : 36.80 Severity : important Type : security References : 1177460 1198165 1199944 1202324 1203476 1204468 1204471 1204472 1204473 1204475 1204480 1204523 1204649 1205126 1205156 CVE-2022-1664 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2022-42898 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4076-1 Released: Fri Nov 18 15:00:38 2022 Summary: Recommended update for jsoup Type: recommended Severity: moderate References: This update for jsoup fixes the following issues: - Fix typo in the ant *-build.xml file that caused errors while building eclipse. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4078-1 Released: Fri Nov 18 15:34:17 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1203476,1204468,1204471,1204472,1204473,1204475,1204480,1204523,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - java-11-openjdk-headless-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-devel-11.0.17.0-150000.3.86.2 updated - jsoup-1.15.3-150200.3.9.1 updated - container:bci-openjdk-11-15.4-32.38 updated From sle-updates at lists.suse.com Wed Nov 23 09:34:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:34:51 +0100 (CET) Subject: SUSE-CU-2022:3100-1: Security update of bci/openjdk Message-ID: <20221123093451.CD264F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3100-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.38 , bci/openjdk:latest Container Release : 32.38 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:37:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:37:37 +0100 (CET) Subject: SUSE-CU-2022:3101-1: Security update of suse/pcp Message-ID: <20221123093737.6547AF3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3101-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.82 , suse/pcp:latest Container Release : 11.82 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:bci-bci-init-15.4-15.4-24.39 updated From sle-updates at lists.suse.com Wed Nov 23 09:39:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:39:17 +0100 (CET) Subject: SUSE-CU-2022:3102-1: Security update of bci/python Message-ID: <20221123093917.0CA85F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3102-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.35 , bci/python:latest Container Release : 7.35 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. 
Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:41:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:41:10 +0100 (CET) Subject: SUSE-CU-2022:3103-1: Security update of bci/python Message-ID: <20221123094110.33227F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3103-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.35 Container Release : 30.35 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. 
- libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:44:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:44:22 +0100 (CET) Subject: SUSE-CU-2022:3104-1: Security update of bci/ruby Message-ID: <20221123094422.98003F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3104-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.32 , bci/ruby:latest Container Release : 31.32 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). 
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. 
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). 
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:46:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:46:14 +0100 (CET) Subject: SUSE-CU-2022:3105-1: Security update of bci/rust Message-ID: <20221123094614.59FB8F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3105-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.39 Container Release : 6.39 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. 
These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. 
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. 
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:47:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:47:00 +0100 (CET) Subject: SUSE-CU-2022:3106-1: Security update of bci/rust Message-ID: <20221123094700.C13F6F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3106-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.15 Container Release : 4.15 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container 
bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). 
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. 
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). 
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:47:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:47:16 +0100 (CET) Subject: SUSE-CU-2022:3107-1: Security update of bci/rust Message-ID: <20221123094716.96F70F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3107-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-2.15 , bci/rust:latest Container Release : 2.15 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. 
These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. 
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. 
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Wed Nov 23 09:49:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 10:49:04 +0100 (CET) Subject: SUSE-CU-2022:3108-1: Security update of suse/sle15 Message-ID: <20221123094904.253C9F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3108-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.18 , suse/sle15:15.4 , suse/sle15:15.4.27.14.18 Container Release : 27.14.18 Severity : important Type : security References : 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - krb5-1.19.2-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Nov 23 14:20:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:20:37 +0100 (CET) Subject: SUSE-RU-2022:4190-1: moderate: Recommended update for libica Message-ID: <20221123142037.4C4A2F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4190-1 Rating: moderate References: #1204620 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libica fixes the following issues: - When running on a system that does not have a CCA card, libica must not send an ECC request to a crypto accelerator card. (bsc#1204620) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4190=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4190=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x): libica-debugsource-3.5.0-3.3.1 libica-devel-3.5.0-3.3.1 libica-devel-static-3.5.0-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): libica-debugsource-3.5.0-3.3.1 libica-tools-3.5.0-3.3.1 libica-tools-debuginfo-3.5.0-3.3.1 libica3-3.5.0-3.3.1 libica3-32bit-3.5.0-3.3.1 libica3-debuginfo-3.5.0-3.3.1 libica3-debuginfo-32bit-3.5.0-3.3.1 References: https://bugzilla.suse.com/1204620 From sle-updates at lists.suse.com Wed Nov 23 14:21:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:21:10 +0100 (CET) Subject: SUSE-SU-2022:4191-1: important: Security update for containerized-data-importer Message-ID: <20221123142110.55415F3E2@maintenance.suse.de> SUSE Security Update: Security update for containerized-data-importer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4191-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update rebuilds the current containerized data importer images against current base images, to fix security issues. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4191=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4191=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4191=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4191=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): containerized-data-importer-manifests-1.51.0-150400.4.7.1 - openSUSE Leap 15.4 (x86_64): containerized-data-importer-api-1.51.0-150400.4.7.1 containerized-data-importer-api-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-cloner-1.51.0-150400.4.7.1 containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-controller-1.51.0-150400.4.7.1 containerized-data-importer-controller-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-importer-1.51.0-150400.4.7.1 containerized-data-importer-importer-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-manifests-1.51.0-150400.4.7.1 containerized-data-importer-operator-1.51.0-150400.4.7.1 containerized-data-importer-operator-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-uploadproxy-1.51.0-150400.4.7.1 containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.7.1 containerized-data-importer-uploadserver-1.51.0-150400.4.7.1 containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.7.1 obs-service-cdi_containers_meta-1.51.0-150400.4.7.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64): containerized-data-importer-manifests-1.51.0-150400.4.7.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): containerized-data-importer-manifests-1.51.0-150400.4.7.1 References: From sle-updates at lists.suse.com Wed Nov 23 14:22:14 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:22:14 +0100 (CET) Subject: SUSE-SU-2022:4192-1: important: Security update for nginx Message-ID: <20221123142214.85378F3E2@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4192-1 Rating: important References: #1187685 Cross-References: CVE-2021-3618 CVSS scores: CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4192=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4192=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4192=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4192=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nginx-1.16.1-150000.3.18.1 nginx-debuginfo-1.16.1-150000.3.18.1 nginx-debugsource-1.16.1-150000.3.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nginx-1.16.1-150000.3.18.1 nginx-debuginfo-1.16.1-150000.3.18.1 nginx-debugsource-1.16.1-150000.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nginx-1.16.1-150000.3.18.1 nginx-debuginfo-1.16.1-150000.3.18.1 nginx-debugsource-1.16.1-150000.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nginx-1.16.1-150000.3.18.1 nginx-debuginfo-1.16.1-150000.3.18.1 nginx-debugsource-1.16.1-150000.3.18.1 References: https://www.suse.com/security/cve/CVE-2021-3618.html https://bugzilla.suse.com/1187685 From sle-updates at lists.suse.com Wed Nov 23 14:22:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:22:59 +0100 (CET) Subject: SUSE-SU-2022:4194-1: important: Security update for ffmpeg-4 Message-ID: <20221123142259.A578CF3E2@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg-4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4194-1 Rating: important References: #1205388 Cross-References: CVE-2022-3964 CVSS scores: CVE-2022-3964 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-3964 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected 
Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ffmpeg-4 fixes the following issues: - CVE-2022-3964: Fixed out of bounds read in update_block_in_prev_frame() (bsc#1205388). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4194=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4194=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4194=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4194=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-4.4-150400.3.5.1 ffmpeg-4-debuginfo-4.4-150400.3.5.1 ffmpeg-4-debugsource-4.4-150400.3.5.1 ffmpeg-4-libavcodec-devel-4.4-150400.3.5.1 ffmpeg-4-libavdevice-devel-4.4-150400.3.5.1 ffmpeg-4-libavfilter-devel-4.4-150400.3.5.1 ffmpeg-4-libavformat-devel-4.4-150400.3.5.1 ffmpeg-4-libavresample-devel-4.4-150400.3.5.1 ffmpeg-4-libavutil-devel-4.4-150400.3.5.1 ffmpeg-4-libpostproc-devel-4.4-150400.3.5.1 ffmpeg-4-libswresample-devel-4.4-150400.3.5.1 
ffmpeg-4-libswscale-devel-4.4-150400.3.5.1 ffmpeg-4-private-devel-4.4-150400.3.5.1 libavcodec58_134-4.4-150400.3.5.1 libavcodec58_134-debuginfo-4.4-150400.3.5.1 libavdevice58_13-4.4-150400.3.5.1 libavdevice58_13-debuginfo-4.4-150400.3.5.1 libavfilter7_110-4.4-150400.3.5.1 libavfilter7_110-debuginfo-4.4-150400.3.5.1 libavformat58_76-4.4-150400.3.5.1 libavformat58_76-debuginfo-4.4-150400.3.5.1 libavresample4_0-4.4-150400.3.5.1 libavresample4_0-debuginfo-4.4-150400.3.5.1 libavutil56_70-4.4-150400.3.5.1 libavutil56_70-debuginfo-4.4-150400.3.5.1 libpostproc55_9-4.4-150400.3.5.1 libpostproc55_9-debuginfo-4.4-150400.3.5.1 libswresample3_9-4.4-150400.3.5.1 libswresample3_9-debuginfo-4.4-150400.3.5.1 libswscale5_9-4.4-150400.3.5.1 libswscale5_9-debuginfo-4.4-150400.3.5.1 - openSUSE Leap 15.4 (x86_64): libavcodec58_134-32bit-4.4-150400.3.5.1 libavcodec58_134-32bit-debuginfo-4.4-150400.3.5.1 libavdevice58_13-32bit-4.4-150400.3.5.1 libavdevice58_13-32bit-debuginfo-4.4-150400.3.5.1 libavfilter7_110-32bit-4.4-150400.3.5.1 libavfilter7_110-32bit-debuginfo-4.4-150400.3.5.1 libavformat58_76-32bit-4.4-150400.3.5.1 libavformat58_76-32bit-debuginfo-4.4-150400.3.5.1 libavresample4_0-32bit-4.4-150400.3.5.1 libavresample4_0-32bit-debuginfo-4.4-150400.3.5.1 libavutil56_70-32bit-4.4-150400.3.5.1 libavutil56_70-32bit-debuginfo-4.4-150400.3.5.1 libpostproc55_9-32bit-4.4-150400.3.5.1 libpostproc55_9-32bit-debuginfo-4.4-150400.3.5.1 libswresample3_9-32bit-4.4-150400.3.5.1 libswresample3_9-32bit-debuginfo-4.4-150400.3.5.1 libswscale5_9-32bit-4.4-150400.3.5.1 libswscale5_9-32bit-debuginfo-4.4-150400.3.5.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): ffmpeg-4-debuginfo-4.4-150400.3.5.1 ffmpeg-4-debugsource-4.4-150400.3.5.1 libavformat58_76-4.4-150400.3.5.1 libavformat58_76-debuginfo-4.4-150400.3.5.1 libswscale5_9-4.4-150400.3.5.1 libswscale5_9-debuginfo-4.4-150400.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): 
ffmpeg-4-debuginfo-4.4-150400.3.5.1 ffmpeg-4-debugsource-4.4-150400.3.5.1 libavformat58_76-4.4-150400.3.5.1 libavformat58_76-debuginfo-4.4-150400.3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.5.1 ffmpeg-4-debugsource-4.4-150400.3.5.1 libavcodec58_134-4.4-150400.3.5.1 libavcodec58_134-debuginfo-4.4-150400.3.5.1 libavutil56_70-4.4-150400.3.5.1 libavutil56_70-debuginfo-4.4-150400.3.5.1 libswresample3_9-4.4-150400.3.5.1 libswresample3_9-debuginfo-4.4-150400.3.5.1 References: https://www.suse.com/security/cve/CVE-2022-3964.html https://bugzilla.suse.com/1205388 From sle-updates at lists.suse.com Wed Nov 23 14:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:24:26 +0100 (CET) Subject: SUSE-SU-2022:4193-1: important: Security update for tomcat Message-ID: <20221123142426.7DA1AF3E2@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4193-1 Rating: important References: #1204918 Cross-References: CVE-2022-42252 CVSS scores: CVE-2022-42252 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-42252 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4193=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4193=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): tomcat-8.0.53-29.57.1 tomcat-admin-webapps-8.0.53-29.57.1 tomcat-docs-webapp-8.0.53-29.57.1 tomcat-el-3_0-api-8.0.53-29.57.1 tomcat-javadoc-8.0.53-29.57.1 tomcat-jsp-2_3-api-8.0.53-29.57.1 tomcat-lib-8.0.53-29.57.1 tomcat-servlet-3_1-api-8.0.53-29.57.1 tomcat-webapps-8.0.53-29.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): tomcat-8.0.53-29.57.1 tomcat-admin-webapps-8.0.53-29.57.1 tomcat-docs-webapp-8.0.53-29.57.1 tomcat-el-3_0-api-8.0.53-29.57.1 tomcat-javadoc-8.0.53-29.57.1 tomcat-jsp-2_3-api-8.0.53-29.57.1 tomcat-lib-8.0.53-29.57.1 tomcat-servlet-3_1-api-8.0.53-29.57.1 tomcat-webapps-8.0.53-29.57.1 References: https://www.suse.com/security/cve/CVE-2022-42252.html https://bugzilla.suse.com/1204918 From sle-updates at lists.suse.com Wed Nov 23 14:25:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 15:25:06 +0100 (CET) Subject: SUSE-RU-2022:4189-1: moderate: Recommended update for abseil-cpp Message-ID: <20221123142506.97DF1F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for abseil-cpp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4189-1 Rating: moderate References: #1203378 #1203379 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 
15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for abseil-cpp fixes the following issues: - Adjust headers ABI info to fix linker error when using new compilers (bsc#1203378) - Do not make programs compiled with abseil require new-ish CPUs (bsc#1203379) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4189=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4189=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4189=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4189=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4189=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4189=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): abseil-cpp-20211102.0-150300.7.6.1 abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): abseil-cpp-20211102.0-150300.7.6.1 
abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): abseil-cpp-20211102.0-150300.7.6.1 abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): abseil-cpp-20211102.0-150300.7.6.1 abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): abseil-cpp-20211102.0-150300.7.6.1 abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): abseil-cpp-20211102.0-150300.7.6.1 abseil-cpp-debuginfo-20211102.0-150300.7.6.1 abseil-cpp-debugsource-20211102.0-150300.7.6.1 abseil-cpp-devel-20211102.0-150300.7.6.1 References: https://bugzilla.suse.com/1203378 https://bugzilla.suse.com/1203379 From sle-updates at lists.suse.com Wed Nov 23 17:21:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 18:21:42 +0100 (CET) Subject: SUSE-RU-2022:4198-1: moderate: Recommended update for rpm Message-ID: <20221123172142.6EA9FF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4198-1 Rating: moderate References: #1202750 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE 
Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4198=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4198=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4198=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4198=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-4198=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4198=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4198=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4198=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4198=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4198=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4198=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4198=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4198=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4198=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4198=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4198=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4198=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): 
python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-devel-4.14.3-150300.52.1 rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - openSUSE Leap 15.4 (x86_64): rpm-32bit-4.14.3-150300.52.1 rpm-32bit-debuginfo-4.14.3-150300.52.1 rpm-ndb-32bit-4.14.3-150300.52.1 rpm-ndb-32bit-debuginfo-4.14.3-150300.52.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python2-rpm-4.14.3-150300.52.1 python2-rpm-debuginfo-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-devel-4.14.3-150300.52.1 rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - openSUSE Leap 15.3 (x86_64): rpm-32bit-4.14.3-150300.52.1 rpm-32bit-debuginfo-4.14.3-150300.52.1 rpm-ndb-32bit-4.14.3-150300.52.1 rpm-ndb-32bit-debuginfo-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 
rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python2-rpm-4.14.3-150300.52.1 python2-rpm-debuginfo-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-150300.52.1 rpm-build-debuginfo-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-devel-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): 
rpm-32bit-4.14.3-150300.52.1 rpm-32bit-debuginfo-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-devel-4.14.3-150300.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): rpm-32bit-4.14.3-150300.52.1 rpm-32bit-debuginfo-4.14.3-150300.52.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 rpm-ndb-4.14.3-150300.52.1 rpm-ndb-debuginfo-4.14.3-150300.52.1 rpm-ndb-debugsource-4.14.3-150300.52.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-rpm-debugsource-4.14.3-150300.52.1 python3-rpm-4.14.3-150300.52.1 python3-rpm-debuginfo-4.14.3-150300.52.1 rpm-4.14.3-150300.52.1 rpm-debuginfo-4.14.3-150300.52.1 rpm-debugsource-4.14.3-150300.52.1 References: https://bugzilla.suse.com/1202750 From sle-updates at lists.suse.com Wed Nov 23 17:23:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 18:23:05 +0100 (CET) Subject: SUSE-SU-2022:4196-1: moderate: Security update for opensc Message-ID: <20221123172305.20FD8F3E2@maintenance.suse.de> SUSE Security Update: Security update for opensc ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2022:4196-1 Rating: moderate References: #1122756 Cross-References: CVE-2019-6502 CVSS scores: CVE-2019-6502 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-6502 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for opensc fixes the following issues: - CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4196=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4196=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4196=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4196=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4196=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): opensc-0.19.0-150100.3.19.1 opensc-debuginfo-0.19.0-150100.3.19.1 opensc-debugsource-0.19.0-150100.3.19.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-150100.3.19.1 opensc-debuginfo-0.19.0-150100.3.19.1 opensc-debugsource-0.19.0-150100.3.19.1 - openSUSE Leap 15.3 (x86_64): opensc-32bit-0.19.0-150100.3.19.1 opensc-32bit-debuginfo-0.19.0-150100.3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-150100.3.19.1 opensc-debuginfo-0.19.0-150100.3.19.1 opensc-debugsource-0.19.0-150100.3.19.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): opensc-0.19.0-150100.3.19.1 opensc-debuginfo-0.19.0-150100.3.19.1 opensc-debugsource-0.19.0-150100.3.19.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): opensc-0.19.0-150100.3.19.1 opensc-debuginfo-0.19.0-150100.3.19.1 opensc-debugsource-0.19.0-150100.3.19.1 References: https://www.suse.com/security/cve/CVE-2019-6502.html https://bugzilla.suse.com/1122756 From sle-updates at lists.suse.com Wed Nov 23 17:24:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 18:24:09 +0100 (CET) Subject: SUSE-RU-2022:4199-1: moderate: Recommended update for rpm Message-ID: <20221123172409.147ABF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2022:4199-1 Rating: moderate References: #1202750 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4199=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4199=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4199=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4199=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4199=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4199=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-4199=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-4199=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4199=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4199=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4199=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4199=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Manager Server 4.1 (x86_64): rpm-32bit-4.14.1-150200.22.13.1 
rpm-32bit-debuginfo-4.14.1-150200.22.13.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Manager Proxy 4.1 (x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 
rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.1-150200.22.13.1 rpm-ndb-debuginfo-4.14.1-150200.22.13.1 rpm-ndb-debugsource-4.14.1-150200.22.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): 
rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-rpm-debugsource-4.14.1-150200.22.13.1 python2-rpm-4.14.1-150200.22.13.1 python2-rpm-debuginfo-4.14.1-150200.22.13.1 python3-rpm-4.14.1-150200.22.13.1 python3-rpm-debuginfo-4.14.1-150200.22.13.1 rpm-4.14.1-150200.22.13.1 rpm-build-4.14.1-150200.22.13.1 rpm-build-debuginfo-4.14.1-150200.22.13.1 rpm-debuginfo-4.14.1-150200.22.13.1 rpm-debugsource-4.14.1-150200.22.13.1 rpm-devel-4.14.1-150200.22.13.1 - SUSE Enterprise Storage 7 (x86_64): rpm-32bit-4.14.1-150200.22.13.1 rpm-32bit-debuginfo-4.14.1-150200.22.13.1 References: https://bugzilla.suse.com/1202750 From sle-updates at lists.suse.com Wed Nov 23 17:25:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 18:25:12 +0100 (CET) Subject: SUSE-RU-2022:4200-1: Recommended update for perl-DBD-SQLite Message-ID: <20221123172512.5CCD8F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-DBD-SQLite ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4200-1 Rating: low References: #1203742 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance 
Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-DBD-SQLite fixes the following issues: - Fixed a failing test when comparing lowercase data (bsc#1203742) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4200=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4200=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4200=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4200=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): perl-DBD-SQLite-1.66-150300.3.6.1 perl-DBD-SQLite-debuginfo-1.66-150300.3.6.1 perl-DBD-SQLite-debugsource-1.66-150300.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): perl-DBD-SQLite-1.66-150300.3.6.1 perl-DBD-SQLite-debuginfo-1.66-150300.3.6.1 perl-DBD-SQLite-debugsource-1.66-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): perl-DBD-SQLite-1.66-150300.3.6.1 perl-DBD-SQLite-debuginfo-1.66-150300.3.6.1 
perl-DBD-SQLite-debugsource-1.66-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): perl-DBD-SQLite-1.66-150300.3.6.1 perl-DBD-SQLite-debuginfo-1.66-150300.3.6.1 perl-DBD-SQLite-debugsource-1.66-150300.3.6.1 References: https://bugzilla.suse.com/1203742 From sle-updates at lists.suse.com Wed Nov 23 17:26:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 18:26:27 +0100 (CET) Subject: SUSE-SU-2022:4197-1: moderate: Security update for strongswan Message-ID: <20221123172627.76327F3E2@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4197-1 Rating: moderate References: #1203556 SLE-20151 Cross-References: CVE-2022-40617 CVSS scores: CVE-2022-40617 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40617 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability and contains one feature is now available.
Description: This update for strongswan fixes the following issues: Security issues fixed: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Feature changes: - Enable Marvell plugin (jsc#SLE-20151) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4197=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4197=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4197=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4197=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150400.19.3.3 strongswan-debuginfo-5.8.2-150400.19.3.3 strongswan-debugsource-5.8.2-150400.19.3.3 strongswan-hmac-5.8.2-150400.19.3.3 strongswan-ipsec-5.8.2-150400.19.3.3 strongswan-ipsec-debuginfo-5.8.2-150400.19.3.3 strongswan-libs0-5.8.2-150400.19.3.3 strongswan-libs0-debuginfo-5.8.2-150400.19.3.3 strongswan-mysql-5.8.2-150400.19.3.3 strongswan-mysql-debuginfo-5.8.2-150400.19.3.3 strongswan-nm-5.8.2-150400.19.3.3 strongswan-nm-debuginfo-5.8.2-150400.19.3.3 strongswan-sqlite-5.8.2-150400.19.3.3 strongswan-sqlite-debuginfo-5.8.2-150400.19.3.3 - openSUSE Leap 15.4 (noarch): strongswan-doc-5.8.2-150400.19.3.3 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): strongswan-debuginfo-5.8.2-150400.19.3.3 strongswan-debugsource-5.8.2-150400.19.3.3 strongswan-nm-5.8.2-150400.19.3.3 strongswan-nm-debuginfo-5.8.2-150400.19.3.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-150400.19.3.3 
strongswan-debugsource-5.8.2-150400.19.3.3 strongswan-nm-5.8.2-150400.19.3.3 strongswan-nm-debuginfo-5.8.2-150400.19.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150400.19.3.3 strongswan-debuginfo-5.8.2-150400.19.3.3 strongswan-debugsource-5.8.2-150400.19.3.3 strongswan-hmac-5.8.2-150400.19.3.3 strongswan-ipsec-5.8.2-150400.19.3.3 strongswan-ipsec-debuginfo-5.8.2-150400.19.3.3 strongswan-libs0-5.8.2-150400.19.3.3 strongswan-libs0-debuginfo-5.8.2-150400.19.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): strongswan-doc-5.8.2-150400.19.3.3 References: https://www.suse.com/security/cve/CVE-2022-40617.html https://bugzilla.suse.com/1203556 From sle-updates at lists.suse.com Wed Nov 23 20:19:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:19:48 +0100 (CET) Subject: SUSE-SU-2022:4209-1: Security update for libarchive Message-ID: <20221123201948.0CDEFF3E2@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4209-1 Rating: low References: #1205629 Cross-References: CVE-2022-36227 CVSS scores: CVE-2022-36227 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4209=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4209=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4209=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4209=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4209=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libarchive-debugsource-3.5.1-150400.3.12.1 libarchive13-3.5.1-150400.3.12.1 libarchive13-debuginfo-3.5.1-150400.3.12.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.12.1 bsdtar-debuginfo-3.5.1-150400.3.12.1 libarchive-debugsource-3.5.1-150400.3.12.1 libarchive-devel-3.5.1-150400.3.12.1 libarchive13-3.5.1-150400.3.12.1 libarchive13-debuginfo-3.5.1-150400.3.12.1 - openSUSE Leap 15.4 (x86_64): libarchive13-32bit-3.5.1-150400.3.12.1 libarchive13-32bit-debuginfo-3.5.1-150400.3.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.12.1 bsdtar-debuginfo-3.5.1-150400.3.12.1 libarchive-debugsource-3.5.1-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.5.1-150400.3.12.1 libarchive-devel-3.5.1-150400.3.12.1 libarchive13-3.5.1-150400.3.12.1 libarchive13-debuginfo-3.5.1-150400.3.12.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libarchive-debugsource-3.5.1-150400.3.12.1 
libarchive13-3.5.1-150400.3.12.1 libarchive13-debuginfo-3.5.1-150400.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-36227.html https://bugzilla.suse.com/1205629 From sle-updates at lists.suse.com Wed Nov 23 20:20:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:20:42 +0100 (CET) Subject: SUSE-SU-2022:4207-1: important: Security update for webkit2gtk3 Message-ID: <20221123202042.31AE7F3E2@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4207-1 Rating: important References: #1205120 #1205121 #1205122 #1205123 #1205124 Cross-References: CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVSS scores: CVE-2022-32888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32888 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32923 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-32923 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42799 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42799 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42823 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42823 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42824 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager 
Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player getting stuck in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js.
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4207=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4207=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4207=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4207=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_1-0-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_1-0-debuginfo-2.38.2-150400.4.22.1 libjavascriptcoregtk-5_0-0-2.38.2-150400.4.22.1 libjavascriptcoregtk-5_0-0-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-5_0-0-2.38.2-150400.4.22.1 libwebkit2gtk-5_0-0-debuginfo-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-4_1-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-5_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-4_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-4_1-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-5_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2WebExtension-4_1-2.38.2-150400.4.22.1 typelib-1_0-WebKit2WebExtension-5_0-2.38.2-150400.4.22.1 webkit-jsc-4-2.38.2-150400.4.22.1 webkit-jsc-4-debuginfo-2.38.2-150400.4.22.1 webkit-jsc-4.1-2.38.2-150400.4.22.1 webkit-jsc-4.1-debuginfo-2.38.2-150400.4.22.1 webkit-jsc-5.0-2.38.2-150400.4.22.1 
webkit-jsc-5.0-debuginfo-2.38.2-150400.4.22.1 webkit2gtk-4_0-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk-4_1-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk-5_0-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk3-debugsource-2.38.2-150400.4.22.1 webkit2gtk3-devel-2.38.2-150400.4.22.1 webkit2gtk3-minibrowser-2.38.2-150400.4.22.1 webkit2gtk3-minibrowser-debuginfo-2.38.2-150400.4.22.1 webkit2gtk3-soup2-debugsource-2.38.2-150400.4.22.1 webkit2gtk3-soup2-devel-2.38.2-150400.4.22.1 webkit2gtk3-soup2-minibrowser-2.38.2-150400.4.22.1 webkit2gtk3-soup2-minibrowser-debuginfo-2.38.2-150400.4.22.1 webkit2gtk4-debugsource-2.38.2-150400.4.22.1 webkit2gtk4-devel-2.38.2-150400.4.22.1 webkit2gtk4-minibrowser-2.38.2-150400.4.22.1 webkit2gtk4-minibrowser-debuginfo-2.38.2-150400.4.22.1 - openSUSE Leap 15.4 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_1-0-32bit-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-32bit-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-32bit-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.2-150400.4.22.1 - openSUSE Leap 15.4 (noarch): WebKit2GTK-4.0-lang-2.38.2-150400.4.22.1 WebKit2GTK-4.1-lang-2.38.2-150400.4.22.1 WebKit2GTK-5.0-lang-2.38.2-150400.4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-5_0-0-2.38.2-150400.4.22.1 libjavascriptcoregtk-5_0-0-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-5_0-0-2.38.2-150400.4.22.1 libwebkit2gtk-5_0-0-debuginfo-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-5_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-5_0-2.38.2-150400.4.22.1 
webkit2gtk-5_0-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk4-debugsource-2.38.2-150400.4.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_1-0-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_1-0-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-2.38.2-150400.4.22.1 libwebkit2gtk-4_1-0-debuginfo-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-4_1-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-4_1-2.38.2-150400.4.22.1 typelib-1_0-WebKit2WebExtension-4_1-2.38.2-150400.4.22.1 webkit2gtk-4_1-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk3-debugsource-2.38.2-150400.4.22.1 webkit2gtk3-devel-2.38.2-150400.4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150400.4.22.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-2.38.2-150400.4.22.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150400.4.22.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2-4_0-2.38.2-150400.4.22.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150400.4.22.1 webkit2gtk-4_0-injected-bundles-2.38.2-150400.4.22.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150400.4.22.1 webkit2gtk3-soup2-debugsource-2.38.2-150400.4.22.1 webkit2gtk3-soup2-devel-2.38.2-150400.4.22.1 References: https://www.suse.com/security/cve/CVE-2022-32888.html https://www.suse.com/security/cve/CVE-2022-32923.html https://www.suse.com/security/cve/CVE-2022-42799.html https://www.suse.com/security/cve/CVE-2022-42823.html https://www.suse.com/security/cve/CVE-2022-42824.html https://bugzilla.suse.com/1205120 https://bugzilla.suse.com/1205121 https://bugzilla.suse.com/1205122 https://bugzilla.suse.com/1205123 https://bugzilla.suse.com/1205124 From sle-updates at lists.suse.com Wed Nov 23 20:21:53 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:21:53 +0100 (CET) Subject: SUSE-SU-2022:4206-1: important: Security update for pixman Message-ID: <20221123202153.4F519F3E2@maintenance.suse.de> SUSE Security Update: Security update for pixman ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4206-1 Rating: important References: #1205033 Cross-References: CVE-2022-44638 CVSS scores: CVE-2022-44638 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-44638 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4206=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4206=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4206=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4206=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4206=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libpixman-1-0-0.40.0-150400.3.3.1 libpixman-1-0-debuginfo-0.40.0-150400.3.3.1 pixman-debugsource-0.40.0-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.40.0-150400.3.3.1 libpixman-1-0-debuginfo-0.40.0-150400.3.3.1 libpixman-1-0-devel-0.40.0-150400.3.3.1 pixman-debugsource-0.40.0-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libpixman-1-0-32bit-0.40.0-150400.3.3.1 libpixman-1-0-32bit-debuginfo-0.40.0-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): libpixman-1-0-32bit-0.40.0-150400.3.3.1 libpixman-1-0-32bit-debuginfo-0.40.0-150400.3.3.1 pixman-debugsource-0.40.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpixman-1-0-0.40.0-150400.3.3.1 libpixman-1-0-debuginfo-0.40.0-150400.3.3.1 libpixman-1-0-devel-0.40.0-150400.3.3.1 pixman-debugsource-0.40.0-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libpixman-1-0-0.40.0-150400.3.3.1 libpixman-1-0-debuginfo-0.40.0-150400.3.3.1 pixman-debugsource-0.40.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-44638.html https://bugzilla.suse.com/1205033 From sle-updates at lists.suse.com Wed Nov 23 20:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:22:46 +0100 (CET) Subject: SUSE-SU-2022:4205-1: moderate: 
Security update for net-snmp Message-ID: <20221123202246.45602F3E2@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4205-1 Rating: moderate References: #1201103 SLE-11203 Cross-References: CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 15.5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities and contains one feature is now available. Description: This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. 
- CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.5: zypper in -t patch openSUSE-SLE-15.5-2022-4205=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4205=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4205=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4205=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4205=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4205=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4205=1 Package List: - openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64): net-snmp-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 net-snmp-devel-5.9.3-150300.15.3.1 perl-SNMP-5.9.3-150300.15.3.1 perl-SNMP-debuginfo-5.9.3-150300.15.3.1 python3-net-snmp-5.9.3-150300.15.3.1 python3-net-snmp-debuginfo-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 - openSUSE Leap 15.5 (x86_64): net-snmp-devel-32bit-5.9.3-150300.15.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 
net-snmp-debugsource-5.9.3-150300.15.3.1 net-snmp-devel-5.9.3-150300.15.3.1 perl-SNMP-5.9.3-150300.15.3.1 perl-SNMP-debuginfo-5.9.3-150300.15.3.1 python3-net-snmp-5.9.3-150300.15.3.1 python3-net-snmp-debuginfo-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 - openSUSE Leap 15.4 (x86_64): libsnmp40-32bit-5.9.3-150300.15.3.1 libsnmp40-32bit-debuginfo-5.9.3-150300.15.3.1 net-snmp-devel-32bit-5.9.3-150300.15.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 net-snmp-devel-5.9.3-150300.15.3.1 perl-SNMP-5.9.3-150300.15.3.1 perl-SNMP-debuginfo-5.9.3-150300.15.3.1 python2-net-snmp-5.9.3-150300.15.3.1 python2-net-snmp-debuginfo-5.9.3-150300.15.3.1 python3-net-snmp-5.9.3-150300.15.3.1 python3-net-snmp-debuginfo-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 - openSUSE Leap 15.3 (x86_64): libsnmp40-32bit-5.9.3-150300.15.3.1 libsnmp40-32bit-debuginfo-5.9.3-150300.15.3.1 net-snmp-devel-32bit-5.9.3-150300.15.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): net-snmp-debugsource-5.9.3-150300.15.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsnmp40-32bit-5.9.3-150300.15.3.1 libsnmp40-32bit-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 net-snmp-devel-5.9.3-150300.15.3.1 perl-SNMP-5.9.3-150300.15.3.1 perl-SNMP-debuginfo-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-5.9.3-150300.15.3.1 
net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 net-snmp-devel-5.9.3-150300.15.3.1 perl-SNMP-5.9.3-150300.15.3.1 perl-SNMP-debuginfo-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 References: https://www.suse.com/security/cve/CVE-2022-24805.html https://www.suse.com/security/cve/CVE-2022-24806.html https://www.suse.com/security/cve/CVE-2022-24807.html https://www.suse.com/security/cve/CVE-2022-24808.html https://www.suse.com/security/cve/CVE-2022-24809.html https://www.suse.com/security/cve/CVE-2022-24810.html https://bugzilla.suse.com/1201103 From sle-updates at lists.suse.com Wed Nov 23 20:23:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:23:35 +0100 (CET) Subject: SUSE-SU-2022:4204-1: moderate: Security update for keylime Message-ID: <20221123202335.451A2F3E2@maintenance.suse.de> SUSE Security Update: Security update for keylime ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4204-1 Rating: moderate References: #1204782 Cross-References: CVE-2022-3500 CVSS scores: CVE-2022-3500 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4204=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4204=1 Package List: - openSUSE Leap 15.4 (noarch): keylime-agent-6.3.2-150400.4.14.1 keylime-config-6.3.2-150400.4.14.1 keylime-firewalld-6.3.2-150400.4.14.1 keylime-registrar-6.3.2-150400.4.14.1 keylime-tpm_cert_store-6.3.2-150400.4.14.1 keylime-verifier-6.3.2-150400.4.14.1 python3-keylime-6.3.2-150400.4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): keylime-agent-6.3.2-150400.4.14.1 keylime-config-6.3.2-150400.4.14.1 keylime-firewalld-6.3.2-150400.4.14.1 keylime-logrotate-6.3.2-150400.4.14.1 keylime-registrar-6.3.2-150400.4.14.1 keylime-tpm_cert_store-6.3.2-150400.4.14.1 keylime-verifier-6.3.2-150400.4.14.1 python3-keylime-6.3.2-150400.4.14.1 References: https://www.suse.com/security/cve/CVE-2022-3500.html https://bugzilla.suse.com/1204782 From sle-updates at lists.suse.com Wed Nov 23 20:24:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:24:15 +0100 (CET) Subject: SUSE-SU-2022:4201-1: important: Security update for nginx Message-ID: <20221123202415.3EDABF3E2@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4201-1 Rating: important References: #1187685 Cross-References: CVE-2021-3618 CVSS scores: CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server 
Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4201=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4201=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4201=1 Package List: - openSUSE Leap 15.4 (noarch): vim-plugin-nginx-1.19.8-150300.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nginx-1.19.8-150300.3.9.1 nginx-debuginfo-1.19.8-150300.3.9.1 nginx-debugsource-1.19.8-150300.3.9.1 - openSUSE Leap 15.3 (noarch): nginx-source-1.19.8-150300.3.9.1 vim-plugin-nginx-1.19.8-150300.3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): nginx-1.19.8-150300.3.9.1 nginx-debuginfo-1.19.8-150300.3.9.1 nginx-debugsource-1.19.8-150300.3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): nginx-source-1.19.8-150300.3.9.1 References: https://www.suse.com/security/cve/CVE-2021-3618.html https://bugzilla.suse.com/1187685 From sle-updates at lists.suse.com Wed Nov 23 20:25:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:25:32 +0100 (CET) Subject: SUSE-SU-2022:4202-1: Security update 
for libarchive Message-ID: <20221123202532.010E1F3E2@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4202-1 Rating: low References: #1205629 Cross-References: CVE-2022-36227 CVSS scores: CVE-2022-36227 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4202=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4202=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4202=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.15.1 bsdtar-debuginfo-3.4.2-150200.4.15.1 libarchive-debugsource-3.4.2-150200.4.15.1 libarchive-devel-3.4.2-150200.4.15.1 libarchive13-3.4.2-150200.4.15.1 libarchive13-debuginfo-3.4.2-150200.4.15.1 - openSUSE Leap 15.3 (x86_64): libarchive13-32bit-3.4.2-150200.4.15.1 libarchive13-32bit-debuginfo-3.4.2-150200.4.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bsdtar-3.4.2-150200.4.15.1 bsdtar-debuginfo-3.4.2-150200.4.15.1 libarchive-debugsource-3.4.2-150200.4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.4.2-150200.4.15.1 libarchive-devel-3.4.2-150200.4.15.1 libarchive13-3.4.2-150200.4.15.1 libarchive13-debuginfo-3.4.2-150200.4.15.1 References: https://www.suse.com/security/cve/CVE-2022-36227.html https://bugzilla.suse.com/1205629 From sle-updates at lists.suse.com Wed Nov 23 20:26:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Nov 2022 21:26:20 +0100 (CET) Subject: SUSE-SU-2022:4208-1: important: Security update for exiv2-0_26 Message-ID: <20221123202620.9DF52F3E2@maintenance.suse.de> SUSE Security Update: Security update for exiv2-0_26 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4208-1 Rating: important References: #1050257 #1095070 #1110282 #1119559 #1119560 #1119562 #1142677 #1142678 #1153577 #1186231 #1189337 Cross-References: CVE-2017-11591 CVE-2018-11531 CVE-2018-17581 
CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-13109 CVE-2019-13110 CVE-2019-17402 CVE-2021-29473 CVE-2021-32815 CVSS scores: CVE-2017-11591 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11591 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11531 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-11531 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-17581 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17581 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20097 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20097 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20098 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20098 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20099 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20099 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-13109 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13109 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13110 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13110 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-17402 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29473 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29473 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE 
Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for exiv2-0_26 fixes the following issues: - CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070). - CVE-2021-32815: Fixed a denial of service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677). - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denial of service (bsc#1142678). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4208=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4208=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libexiv2-26-0.26-150400.9.21.1 libexiv2-26-debuginfo-0.26-150400.9.21.1 - openSUSE Leap 15.4 (x86_64): libexiv2-26-32bit-0.26-150400.9.21.1 libexiv2-26-32bit-debuginfo-0.26-150400.9.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libexiv2-26-0.26-150400.9.21.1 libexiv2-26-debuginfo-0.26-150400.9.21.1 References: https://www.suse.com/security/cve/CVE-2017-11591.html https://www.suse.com/security/cve/CVE-2018-11531.html https://www.suse.com/security/cve/CVE-2018-17581.html https://www.suse.com/security/cve/CVE-2018-20097.html https://www.suse.com/security/cve/CVE-2018-20098.html https://www.suse.com/security/cve/CVE-2018-20099.html https://www.suse.com/security/cve/CVE-2019-13109.html https://www.suse.com/security/cve/CVE-2019-13110.html https://www.suse.com/security/cve/CVE-2019-17402.html https://www.suse.com/security/cve/CVE-2021-29473.html https://www.suse.com/security/cve/CVE-2021-32815.html https://bugzilla.suse.com/1050257 https://bugzilla.suse.com/1095070 https://bugzilla.suse.com/1110282 https://bugzilla.suse.com/1119559 https://bugzilla.suse.com/1119560 https://bugzilla.suse.com/1119562 https://bugzilla.suse.com/1142677 https://bugzilla.suse.com/1142678 https://bugzilla.suse.com/1153577 https://bugzilla.suse.com/1186231 https://bugzilla.suse.com/1189337 From sle-updates at lists.suse.com Thu Nov 24 09:26:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 10:26:14 +0100 (CET) Subject: SUSE-CU-2022:3111-1: Security update of suse/sle15 Message-ID: <20221124092614.A6A91F3CC@maintenance.suse.de> SUSE Container Update Advisory: 
suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3111-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.646 Container Release : 4.22.646 Severity : important Type : security References : 1189929 1205126 CVE-2021-37750 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4154-1 Released: Mon Nov 21 14:34:53 2022 Summary: Security update for krb5 Type: security Severity: important References: 1189929,1205126,CVE-2021-37750,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - krb5-1.15.2-150000.6.17.1 updated From sle-updates at lists.suse.com Thu Nov 24 09:44:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 10:44:47 +0100 (CET) Subject: SUSE-CU-2022:3112-1: Security update of suse/sle15 Message-ID: <20221124094447.3BF6DF3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3112-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.709 Container Release : 6.2.709 Severity : important Type : security References : 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - krb5-1.16.3-150100.3.27.1 updated From sle-updates at lists.suse.com Thu Nov 24 09:58:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 10:58:19 +0100 (CET) Subject: SUSE-CU-2022:3113-1: Security update of suse/sle15 Message-ID: <20221124095819.8BA45F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3113-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.231 Container Release : 9.5.231 Severity : important Type : security References : 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4155-1 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
The following package changes have been done: - krb5-1.16.3-150100.3.27.1 updated From sle-updates at lists.suse.com Thu Nov 24 09:58:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 10:58:26 +0100 (CET) Subject: SUSE-CU-2022:3114-1: Recommended update of suse/sle15 Message-ID: <20221124095826.97EB4F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3114-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.232 Container Release : 9.5.232 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4199-1 Released: Wed Nov 23 13:17:17 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-4.14.1-150200.22.13.1 updated From sle-updates at lists.suse.com Thu Nov 24 10:05:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:05:03 +0100 (CET) Subject: SUSE-CU-2022:3115-1: Recommended update of bci/bci-init Message-ID: <20221124100503.C3C22F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3115-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.64 Container Release : 21.64 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/bci-init 
was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated From sle-updates at lists.suse.com Thu Nov 24 10:07:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:07:26 +0100 (CET) Subject: SUSE-CU-2022:3116-1: Recommended update of bci/bci-minimal Message-ID: <20221124100726.AA02CF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3116-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.32.56 Container Release : 32.56 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:micro-image-15.3.0-22.25 updated From sle-updates at lists.suse.com Thu Nov 24 10:13:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:13:42 +0100 (CET) Subject: SUSE-CU-2022:3117-1: Recommended update of bci/nodejs Message-ID: <20221124101342.59AFEF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3117-1 Container Tags : bci/node:12 , bci/node:12-17.77 , bci/nodejs:12 , bci/nodejs:12-17.77 Container Release : 17.77 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-17.20.74 updated From sle-updates at lists.suse.com Thu Nov 24 10:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:19:51 +0100 (CET) Subject: SUSE-CU-2022:3118-1: Recommended update of bci/python Message-ID: <20221124101951.967C3F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3118-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.45 Container Release : 20.45 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-17.20.75 updated From sle-updates at lists.suse.com Thu Nov 24 10:29:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:29:01 +0100 (CET) Subject: SUSE-CU-2022:3120-1: Recommended update of suse/sle15 Message-ID: <20221124102901.9707CF3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3120-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.75 , suse/sle15:15.3 , suse/sle15:15.3.17.20.75 Container Release : 17.20.75 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated From sle-updates at lists.suse.com Thu Nov 24 10:30:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:30:45 +0100 (CET) Subject: SUSE-CU-2022:3121-1: Recommended update of suse/389-ds Message-ID: <20221124103045.9ECBCF3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3121-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.53 , suse/389-ds:latest Container Release : 17.53 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:32:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:32:21 +0100 (CET) Subject: SUSE-CU-2022:3122-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221124103221.87835F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3122-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.39 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.39 Container Release : 42.39 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:34:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:34:00 +0100 (CET) Subject: SUSE-CU-2022:3123-1: Recommended update of bci/dotnet-aspnet Message-ID: <20221124103400.387C9F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3123-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.54 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.54 Container Release : 22.54 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:35:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:35:51 +0100 (CET) Subject: SUSE-CU-2022:3125-1: Recommended update of bci/dotnet-sdk Message-ID: <20221124103551.29968F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3125-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.37 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.37 Container Release : 47.37 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:37:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:37:23 +0100 (CET) Subject: SUSE-CU-2022:3126-1: Recommended update of bci/dotnet-sdk Message-ID: <20221124103723.0AD79F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3126-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.53 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.53 Container Release : 35.53 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:39:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:39:15 +0100 (CET) Subject: SUSE-CU-2022:3127-1: Recommended update of bci/dotnet-sdk Message-ID: <20221124103915.963D1F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3127-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-25.1 , bci/dotnet-sdk:6.0.11 , bci/dotnet-sdk:6.0.11-25.1 Container Release : 25.1 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:40:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:40:51 +0100 (CET) Subject: SUSE-CU-2022:3128-1: Recommended update of bci/dotnet-runtime Message-ID: <20221124104051.E1498F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3128-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-49.1 , bci/dotnet-runtime:3.1.31 , bci/dotnet-runtime:3.1.31-49.1 Container Release : 49.1 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:42:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:42:26 +0100 (CET) Subject: SUSE-CU-2022:3129-1: Recommended update of bci/dotnet-runtime Message-ID: <20221124104226.54566F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3129-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.53 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.53 Container Release : 34.53 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:43:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:43:54 +0100 (CET) Subject: SUSE-CU-2022:3130-1: Recommended update of bci/dotnet-runtime Message-ID: <20221124104354.97BE5F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3130-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-22.1 , bci/dotnet-runtime:6.0.11 , bci/dotnet-runtime:6.0.11-22.1 Container Release : 22.1 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:46:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:46:33 +0100 (CET) Subject: SUSE-CU-2022:3131-1: Security update of bci/golang Message-ID: <20221124104633.A0459F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3131-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.93 Container Release : 30.93 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. 
--delimeters=spaces accepting all kinds of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Setting the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Thu Nov 24 10:46:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:46:38 +0100 (CET) Subject: SUSE-CU-2022:3132-1: Recommended update of bci/golang Message-ID: <20221124104638.35DFCF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3132-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.95 Container Release : 30.95 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/golang was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Thu Nov 24 10:49:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Nov 2022 11:49:22 +0100 (CET) Subject: SUSE-CU-2022:3133-1: Recommended update of bci/golang Message-ID: <20221124104922.70C1AF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3133-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.96 Container Release : 29.96 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.52.1 updated
- container:sles15-image-15.0.0-27.14.19 updated

From sle-updates at lists.suse.com Thu Nov 24 20:19:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 24 Nov 2022 21:19:47 +0100 (CET)
Subject: SUSE-SU-2022:4214-1: Security update for libdb-4_8
Message-ID: <20221124201947.A91C5F3E2@maintenance.suse.de>

SUSE Security Update: Security update for libdb-4_8
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4214-1
Rating: low
References: #1174414
Cross-References: CVE-2019-2708
CVSS scores:
  CVE-2019-2708 (NVD) : 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2019-2708 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.2
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libdb-4_8 fixes the following issues:

- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4214=1
- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4214=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4214=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4214=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4214=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4214=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4214=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4214=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4214=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
  libdb-4_8-devel-4.8.30-150000.7.6.1
  libdb_java-4_8-4.8.30-150000.7.6.1
  libdb_java-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb_java-4_8-debugsource-4.8.30-150000.7.6.1
  libdb_java-4_8-devel-4.8.30-150000.7.6.1
- openSUSE Leap 15.4 (x86_64):
  libdb-4_8-32bit-4.8.30-150000.7.6.1
  libdb-4_8-32bit-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-devel-32bit-4.8.30-150000.7.6.1
- openSUSE Leap 15.4 (noarch):
  db48-doc-4.8.30-150000.7.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
  libdb-4_8-devel-4.8.30-150000.7.6.1
  libdb_java-4_8-4.8.30-150000.7.6.1
  libdb_java-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb_java-4_8-debugsource-4.8.30-150000.7.6.1
  libdb_java-4_8-devel-4.8.30-150000.7.6.1
- openSUSE Leap 15.3 (x86_64):
  libdb-4_8-32bit-4.8.30-150000.7.6.1
  libdb-4_8-32bit-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-devel-32bit-4.8.30-150000.7.6.1
- openSUSE Leap 15.3 (noarch):
  db48-doc-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
  libdb-4_8-devel-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  libdb-4_8-32bit-4.8.30-150000.7.6.1
  libdb-4_8-32bit-debuginfo-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
  libdb-4_8-devel-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
  libdb-4_8-32bit-4.8.30-150000.7.6.1
  libdb-4_8-32bit-debuginfo-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  db48-utils-4.8.30-150000.7.6.1
  db48-utils-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-4.8.30-150000.7.6.1
  libdb-4_8-debuginfo-4.8.30-150000.7.6.1
  libdb-4_8-debugsource-4.8.30-150000.7.6.1

References:

https://www.suse.com/security/cve/CVE-2019-2708.html
https://bugzilla.suse.com/1174414

From sle-updates at lists.suse.com Thu Nov 24 20:20:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 24 Nov 2022 21:20:46 +0100 (CET)
Subject: SUSE-RU-2022:4212-1: moderate: Recommended update for openssl-1_1
Message-ID: <20221124202046.6C82EF3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4212-1
Rating: moderate
References: #1190651
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4212=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4212=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4212=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4212=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
  libopenssl-1_1-devel-1.1.1l-150400.7.16.1
  libopenssl1_1-1.1.1l-150400.7.16.1
  libopenssl1_1-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-1.1.1l-150400.7.16.1
  openssl-1_1-1.1.1l-150400.7.16.1
  openssl-1_1-debuginfo-1.1.1l-150400.7.16.1
  openssl-1_1-debugsource-1.1.1l-150400.7.16.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  libopenssl-1_1-devel-1.1.1l-150400.7.16.1
  libopenssl1_1-1.1.1l-150400.7.16.1
  libopenssl1_1-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-1.1.1l-150400.7.16.1
  openssl-1_1-1.1.1l-150400.7.16.1
  openssl-1_1-debuginfo-1.1.1l-150400.7.16.1
  openssl-1_1-debugsource-1.1.1l-150400.7.16.1
- openSUSE Leap 15.4 (noarch):
  openssl-1_1-doc-1.1.1l-150400.7.16.1
- openSUSE Leap 15.4 (x86_64):
  libopenssl-1_1-devel-32bit-1.1.1l-150400.7.16.1
  libopenssl1_1-32bit-1.1.1l-150400.7.16.1
  libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-32bit-1.1.1l-150400.7.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  libopenssl-1_1-devel-1.1.1l-150400.7.16.1
  libopenssl1_1-1.1.1l-150400.7.16.1
  libopenssl1_1-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-1.1.1l-150400.7.16.1
  openssl-1_1-1.1.1l-150400.7.16.1
  openssl-1_1-debuginfo-1.1.1l-150400.7.16.1
  openssl-1_1-debugsource-1.1.1l-150400.7.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  libopenssl-1_1-devel-32bit-1.1.1l-150400.7.16.1
  libopenssl1_1-32bit-1.1.1l-150400.7.16.1
  libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-32bit-1.1.1l-150400.7.16.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  libopenssl-1_1-devel-1.1.1l-150400.7.16.1
  libopenssl1_1-1.1.1l-150400.7.16.1
  libopenssl1_1-debuginfo-1.1.1l-150400.7.16.1
  libopenssl1_1-hmac-1.1.1l-150400.7.16.1
  openssl-1_1-1.1.1l-150400.7.16.1
  openssl-1_1-debuginfo-1.1.1l-150400.7.16.1
  openssl-1_1-debugsource-1.1.1l-150400.7.16.1

References:

https://bugzilla.suse.com/1190651

From sle-updates at lists.suse.com Thu Nov 24 20:21:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 24 Nov 2022 21:21:36 +0100 (CET)
Subject: SUSE-RU-2022:4213-1: moderate: Recommended update for libnvidia-container, nvidia-container-toolkit
Message-ID: <20221124202136.705D5F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libnvidia-container, nvidia-container-toolkit
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4213-1
Rating: moderate
References: SLE-18750
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Containers 15-SP3
  SUSE Linux Enterprise Module for Containers 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for libnvidia-container, nvidia-container-toolkit fixes the following issues:

Both nvidia-container-toolkit and libnvidia-container were updated to version 1.11.0 (jsc#SLE-18750):

1.11.0:

- Added support for injection of GPUDirect Storage and MOFED devices into containerized environments.

1.10.0:

- Improving support for Tegra-based systems

1.9.0:

- Added multi-arch support for the container-toolkit images.
- Enhancements for use on Tegra-systems and some notable bugfixes.

1.8.1:

- This release is a bugfix release that fixes issues around cgroups found in NVIDIA Container Toolkit 1.8.0.

1.8.0:

- It adds cgroupv2 support to the NVIDIA Container Toolkit and removes packaging support for Amazonlinux1.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4213=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4213=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4213=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4213=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  nvidia-container-toolkit-1.11.0-150200.5.6.1
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
  libnvidia-container-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container-debugsource-1.11.0-150200.5.6.1
  libnvidia-container-devel-1.11.0-150200.5.6.1
  libnvidia-container-static-1.11.0-150200.5.6.1
  libnvidia-container-tools-1.11.0-150200.5.6.1
  libnvidia-container-tools-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container1-1.11.0-150200.5.6.1
  libnvidia-container1-debuginfo-1.11.0-150200.5.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nvidia-container-toolkit-1.11.0-150200.5.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
  libnvidia-container-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container-debugsource-1.11.0-150200.5.6.1
  libnvidia-container-devel-1.11.0-150200.5.6.1
  libnvidia-container-static-1.11.0-150200.5.6.1
  libnvidia-container-tools-1.11.0-150200.5.6.1
  libnvidia-container-tools-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container1-1.11.0-150200.5.6.1
  libnvidia-container1-debuginfo-1.11.0-150200.5.6.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le x86_64):
  libnvidia-container-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container-debugsource-1.11.0-150200.5.6.1
  libnvidia-container-devel-1.11.0-150200.5.6.1
  libnvidia-container-static-1.11.0-150200.5.6.1
  libnvidia-container-tools-1.11.0-150200.5.6.1
  libnvidia-container-tools-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container1-1.11.0-150200.5.6.1
  libnvidia-container1-debuginfo-1.11.0-150200.5.6.1
  nvidia-container-toolkit-1.11.0-150200.5.6.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le x86_64):
  libnvidia-container-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container-debugsource-1.11.0-150200.5.6.1
  libnvidia-container-devel-1.11.0-150200.5.6.1
  libnvidia-container-static-1.11.0-150200.5.6.1
  libnvidia-container-tools-1.11.0-150200.5.6.1
  libnvidia-container-tools-debuginfo-1.11.0-150200.5.6.1
  libnvidia-container1-1.11.0-150200.5.6.1
  libnvidia-container1-debuginfo-1.11.0-150200.5.6.1
  nvidia-container-toolkit-1.11.0-150200.5.6.1

References:

From sle-updates at lists.suse.com Thu Nov 24 20:22:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 24 Nov 2022 21:22:21 +0100 (CET)
Subject: SUSE-SU-2022:4215-1: important: Security update for erlang
Message-ID: <20221124202221.37B84F3E2@maintenance.suse.de>

SUSE Security Update: Security update for erlang
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4215-1
Rating: important
References: #1205318
Cross-References: CVE-2022-37026
CVSS scores:
  CVE-2022-37026 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37026 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for erlang fixes the following issues:

- CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4215=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4215=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4215=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4215=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  erlang-22.3-150300.3.3.1
  erlang-debugger-22.3-150300.3.3.1
  erlang-debugger-src-22.3-150300.3.3.1
  erlang-debuginfo-22.3-150300.3.3.1
  erlang-debugsource-22.3-150300.3.3.1
  erlang-dialyzer-22.3-150300.3.3.1
  erlang-dialyzer-debuginfo-22.3-150300.3.3.1
  erlang-dialyzer-src-22.3-150300.3.3.1
  erlang-diameter-22.3-150300.3.3.1
  erlang-diameter-src-22.3-150300.3.3.1
  erlang-doc-22.3-150300.3.3.1
  erlang-epmd-22.3-150300.3.3.1
  erlang-epmd-debuginfo-22.3-150300.3.3.1
  erlang-et-22.3-150300.3.3.1
  erlang-et-src-22.3-150300.3.3.1
  erlang-jinterface-22.3-150300.3.3.1
  erlang-jinterface-src-22.3-150300.3.3.1
  erlang-observer-22.3-150300.3.3.1
  erlang-observer-src-22.3-150300.3.3.1
  erlang-reltool-22.3-150300.3.3.1
  erlang-reltool-src-22.3-150300.3.3.1
  erlang-src-22.3-150300.3.3.1
  erlang-wx-22.3-150300.3.3.1
  erlang-wx-debuginfo-22.3-150300.3.3.1
  erlang-wx-src-22.3-150300.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  erlang-22.3-150300.3.3.1
  erlang-debugger-22.3-150300.3.3.1
  erlang-debugger-src-22.3-150300.3.3.1
  erlang-debuginfo-22.3-150300.3.3.1
  erlang-debugsource-22.3-150300.3.3.1
  erlang-dialyzer-22.3-150300.3.3.1
  erlang-dialyzer-debuginfo-22.3-150300.3.3.1
  erlang-dialyzer-src-22.3-150300.3.3.1
  erlang-diameter-22.3-150300.3.3.1
  erlang-diameter-src-22.3-150300.3.3.1
  erlang-doc-22.3-150300.3.3.1
  erlang-epmd-22.3-150300.3.3.1
  erlang-epmd-debuginfo-22.3-150300.3.3.1
  erlang-et-22.3-150300.3.3.1
  erlang-et-src-22.3-150300.3.3.1
  erlang-jinterface-22.3-150300.3.3.1
  erlang-jinterface-src-22.3-150300.3.3.1
  erlang-observer-22.3-150300.3.3.1
  erlang-observer-src-22.3-150300.3.3.1
  erlang-reltool-22.3-150300.3.3.1
  erlang-reltool-src-22.3-150300.3.3.1
  erlang-src-22.3-150300.3.3.1
  erlang-wx-22.3-150300.3.3.1
  erlang-wx-debuginfo-22.3-150300.3.3.1
  erlang-wx-src-22.3-150300.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  erlang-22.3-150300.3.3.1
  erlang-debuginfo-22.3-150300.3.3.1
  erlang-debugsource-22.3-150300.3.3.1
  erlang-epmd-22.3-150300.3.3.1
  erlang-epmd-debuginfo-22.3-150300.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  erlang-22.3-150300.3.3.1
  erlang-debuginfo-22.3-150300.3.3.1
  erlang-debugsource-22.3-150300.3.3.1
  erlang-epmd-22.3-150300.3.3.1
  erlang-epmd-debuginfo-22.3-150300.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-37026.html
https://bugzilla.suse.com/1205318

From sle-updates at lists.suse.com Fri Nov 25 08:31:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:31:53 +0100 (CET)
Subject: SUSE-CU-2022:3135-1: Security update of suse/389-ds
Message-ID: <20221125083153.951FEF3CC@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3135-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.55 , suse/389-ds:latest
Container Release : 17.55
Severity : moderate
Type : security
References : 1174414 1190651 CVE-2019-2708
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4214-1
Released: Thu Nov 24 16:17:31 2022
Summary: Security update for libdb-4_8
Type: security
Severity: low
References: 1174414,CVE-2019-2708

This update for libdb-4_8 fixes the following issues:

- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- openssl-1_1-1.1.1l-150400.7.16.1 updated
- libdb-4_8-4.8.30-150000.7.6.1 updated
- db48-utils-4.8.30-150000.7.6.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:34:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:34:12 +0100 (CET)
Subject: SUSE-CU-2022:3136-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221125083412.8FC8BF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3136-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.40 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.40
Container Release : 42.40
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:36:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:36:24 +0100 (CET)
Subject: SUSE-CU-2022:3137-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221125083624.DAAAEF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3137-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.55 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.55
Container Release : 27.55
Severity : moderate
Type : recommended
References : 1190651 1202750
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:38:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:38:57 +0100 (CET)
Subject: SUSE-CU-2022:3138-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221125083857.0927EF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3138-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.55 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.55
Container Release : 22.55
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:39:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:39:09 +0100 (CET)
Subject: SUSE-CU-2022:3139-1: Recommended update of suse/registry
Message-ID: <20221125083909.B3635F3CC@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3139-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-4.2 , suse/registry:latest
Container Release : 4.2
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container suse/registry was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- openssl-1_1-1.1.1l-150400.7.16.1 updated

From sle-updates at lists.suse.com Fri Nov 25 08:41:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:41:46 +0100 (CET)
Subject: SUSE-CU-2022:3140-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221125084146.CACFBF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3140-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-25.2 , bci/dotnet-sdk:6.0.11 , bci/dotnet-sdk:6.0.11-25.2
Container Release : 25.2
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:43:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:43:58 +0100 (CET)
Subject: SUSE-CU-2022:3141-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221125084358.C543EF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3141-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-49.2 , bci/dotnet-runtime:3.1.31 , bci/dotnet-runtime:3.1.31-49.2
Container Release : 49.2
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:46:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:46:03 +0100 (CET)
Subject: SUSE-CU-2022:3142-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221125084603.4C20DF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3142-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.54 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.54
Container Release : 34.54
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- container:sles15-image-15.0.0-27.14.20 updated

From sle-updates at lists.suse.com Fri Nov 25 08:47:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 09:47:52 +0100 (CET)
Subject: SUSE-CU-2022:3143-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221125084752.B5D3DF3CC@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3143-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-22.2 , bci/dotnet-runtime:6.0.11 , bci/dotnet-runtime:6.0.11-22.2
Container Release : 22.2
Severity : moderate
Type : recommended
References : 1190651
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Fri Nov 25 08:50:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:50:57 +0100 (CET) Subject: SUSE-CU-2022:3144-1: Recommended update of bci/golang Message-ID: <20221125085057.84EB0F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3144-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.97 Container Release : 30.97 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Fri Nov 25 08:53:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:53:57 +0100 (CET) Subject: SUSE-CU-2022:3133-1: Recommended update of bci/golang Message-ID: <20221125085357.23EE0F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3133-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.96 Container Release : 29.96 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Fri Nov 25 08:56:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:56:37 +0100 (CET) Subject: SUSE-CU-2022:3145-1: Security update of bci/golang Message-ID: <20221125085637.5DCFEF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3145-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.40 Container Release : 18.40 Severity : important Type : security References : 1142579 1177460 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1199944 1202324 1202816 1202966 1202967 1202969 1204649 1205126 1205156 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-1664 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). 
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - timezone-2022f-150000.75.15.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Fri Nov 25 08:56:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:56:42 +0100 (CET) Subject: SUSE-CU-2022:3146-1: Recommended update of bci/golang Message-ID: <20221125085642.6F899F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3146-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.42 Container Release : 18.42 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Fri Nov 25 08:56:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:56:50 +0100 (CET) Subject: SUSE-CU-2022:3147-1: Recommended update of bci/golang Message-ID: <20221125085650.3BA0BF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3147-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.43 Container Release : 18.43 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Fri Nov 25 08:58:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:58:44 +0100 (CET) Subject: SUSE-CU-2022:3148-1: Recommended update of bci/bci-init Message-ID: <20221125085844.E5C68F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3148-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.41 , bci/bci-init:latest Container Release : 24.41 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Fri Nov 25 08:58:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:58:50 +0100 (CET) Subject: SUSE-CU-2022:3149-1: Recommended update of bci/bci-init Message-ID: <20221125085850.99751F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3149-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.42 , bci/bci-init:latest Container Release : 24.42 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Fri Nov 25 08:59:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 09:59:15 +0100 (CET) Subject: SUSE-CU-2022:3150-1: Recommended update of bci/bci-minimal Message-ID: <20221125085915.C0833F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3150-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.16.4 , bci/bci-minimal:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated From sle-updates at lists.suse.com Fri Nov 25 09:01:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 10:01:09 +0100 (CET) Subject: SUSE-CU-2022:3151-1: Security update of bci/nodejs Message-ID: <20221125090109.6D2E5F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3151-1 Container Tags : bci/node:14 , bci/node:14-35.36 , bci/nodejs:14 , bci/nodejs:14-35.36 Container Release : 35.36 Severity : important Type : security References : 1198165 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.18 updated From sle-updates at lists.suse.com Fri Nov 25 09:01:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 10:01:13 +0100 (CET) Subject: SUSE-CU-2022:3152-1: Recommended update of bci/nodejs Message-ID: <20221125090113.6464CF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3152-1 Container Tags : bci/node:14 , bci/node:14-35.38 , bci/nodejs:14 , bci/nodejs:14-35.38 Container Release : 35.38 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Fri Nov 25 09:01:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 10:01:19 +0100 (CET) Subject: SUSE-CU-2022:3153-1: Recommended update of bci/nodejs Message-ID: <20221125090119.9DB36F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3153-1 Container Tags : bci/node:14 , bci/node:14-35.39 , bci/nodejs:14 , bci/nodejs:14-35.39 Container Release : 35.39 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Fri Nov 25 09:02:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 10:02:36 +0100 (CET) Subject: SUSE-CU-2022:3154-1: Recommended update of bci/nodejs Message-ID: <20221125090236.1E890F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3154-1 Container Tags : bci/node:16 , bci/node:16-11.38 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.38 , bci/nodejs:latest Container Release : 11.38 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Fri Nov 25 11:20:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 12:20:03 +0100 (CET) Subject: SUSE-RU-2022:4217-1: moderate: Recommended update for wget Message-ID: <20221125112003.72E6CF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for wget ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4217-1 Rating: moderate References: #1204720 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4217=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4217=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4217=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4217=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): wget-1.20.3-150000.3.15.1 wget-debuginfo-1.20.3-150000.3.15.1 wget-debugsource-1.20.3-150000.3.15.1 - openSUSE Leap 15.4 (noarch): wget-lang-1.20.3-150000.3.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): wget-1.20.3-150000.3.15.1 wget-debuginfo-1.20.3-150000.3.15.1 wget-debugsource-1.20.3-150000.3.15.1 - openSUSE Leap 15.3 (noarch): wget-lang-1.20.3-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): wget-1.20.3-150000.3.15.1 wget-debuginfo-1.20.3-150000.3.15.1 wget-debugsource-1.20.3-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): wget-1.20.3-150000.3.15.1 wget-debuginfo-1.20.3-150000.3.15.1 wget-debugsource-1.20.3-150000.3.15.1 References: https://bugzilla.suse.com/1204720 From sle-updates at lists.suse.com Fri Nov 25 14:20:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 15:20:20 +0100 (CET) Subject: SUSE-SU-2022:4218-1: important: Security update for grub2 Message-ID: <20221125142020.4BDBAF3E2@maintenance.suse.de> SUSE Security Update: Security update for grub2 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4218-1 Rating: important References: #1205178 #1205182 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4218=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4218=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4218=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4218=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4218=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4218=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4218=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): grub2-2.04-150200.9.68.1 grub2-debuginfo-2.04-150200.9.68.1 - SUSE Manager Server 4.1 (s390x x86_64): grub2-debugsource-2.04-150200.9.68.1 - SUSE Manager Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.68.1 grub2-i386-pc-2.04-150200.9.68.1 grub2-powerpc-ieee1275-2.04-150200.9.68.1 grub2-snapper-plugin-2.04-150200.9.68.1 grub2-systemd-sleep-plugin-2.04-150200.9.68.1 grub2-x86_64-efi-2.04-150200.9.68.1 grub2-x86_64-xen-2.04-150200.9.68.1 - SUSE Manager Server 4.1 (s390x): grub2-s390x-emu-2.04-150200.9.68.1 - SUSE Manager Retail Branch Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.68.1 grub2-i386-pc-2.04-150200.9.68.1 grub2-snapper-plugin-2.04-150200.9.68.1 grub2-systemd-sleep-plugin-2.04-150200.9.68.1 grub2-x86_64-efi-2.04-150200.9.68.1 grub2-x86_64-xen-2.04-150200.9.68.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): grub2-2.04-150200.9.68.1 
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Manager Proxy 4.1 (x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Manager Proxy 4.1 (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-powerpc-ieee1275-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 s390x x86_64):
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-powerpc-ieee1275-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (s390x):
  grub2-s390x-emu-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  grub2-2.04-150200.9.68.1
  grub2-debuginfo-2.04-150200.9.68.1
  grub2-debugsource-2.04-150200.9.68.1
- SUSE Enterprise Storage 7 (noarch):
  grub2-arm64-efi-2.04-150200.9.68.1
  grub2-i386-pc-2.04-150200.9.68.1
  grub2-snapper-plugin-2.04-150200.9.68.1
  grub2-systemd-sleep-plugin-2.04-150200.9.68.1
  grub2-x86_64-efi-2.04-150200.9.68.1
  grub2-x86_64-xen-2.04-150200.9.68.1

References:

https://www.suse.com/security/cve/CVE-2022-2601.html
https://www.suse.com/security/cve/CVE-2022-3775.html
https://bugzilla.suse.com/1205178
https://bugzilla.suse.com/1205182

From sle-updates at lists.suse.com Fri Nov 25 14:21:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 15:21:15 +0100 (CET)
Subject: SUSE-RU-2022:4220-1: moderate: Recommended update for lttng-modules
Message-ID: <20221125142115.80DEEF3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lttng-modules
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4220-1
Rating: moderate
References: #1203753
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lttng-modules fixes the following issues:

- Use 'vmalloc_sync_mappings' on SUSE Linux Enterprise 12 Service Pack 5 (bsc#1203753)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4220=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (x86_64):
  lttng-modules-2.10.9-8.14.1
  lttng-modules-debugsource-2.10.9-8.14.1
  lttng-modules-kmp-default-2.10.9_k4.12.14_122.136-8.14.1
  lttng-modules-kmp-default-debuginfo-2.10.9_k4.12.14_122.136-8.14.1

References:

https://bugzilla.suse.com/1203753

From sle-updates at lists.suse.com Fri Nov 25 14:21:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 15:21:56 +0100 (CET)
Subject: SUSE-SU-2022:4221-1: important: Security update for tomcat
Message-ID: <20221125142156.D281EF3E2@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4221-1
Rating: important
References: #1203868 #1204918
Cross-References: CVE-2021-43980 CVE-2022-42252
CVSS scores:
  CVE-2021-43980 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-43980 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-42252 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-42252 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for tomcat fixes the following issues:

- CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- CVE-2022-42252: Fixed a request smuggling (bsc#1204918).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4221=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4221=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4221=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4221=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (noarch):
  tomcat-9.0.36-150000.3.101.2
  tomcat-admin-webapps-9.0.36-150000.3.101.2
  tomcat-el-3_0-api-9.0.36-150000.3.101.2
  tomcat-jsp-2_3-api-9.0.36-150000.3.101.2
  tomcat-lib-9.0.36-150000.3.101.2
  tomcat-servlet-4_0-api-9.0.36-150000.3.101.2
  tomcat-webapps-9.0.36-150000.3.101.2
- SUSE Linux Enterprise Server 15-LTSS (noarch):
  tomcat-9.0.36-150000.3.101.2
  tomcat-admin-webapps-9.0.36-150000.3.101.2
  tomcat-el-3_0-api-9.0.36-150000.3.101.2
  tomcat-jsp-2_3-api-9.0.36-150000.3.101.2
  tomcat-lib-9.0.36-150000.3.101.2
  tomcat-servlet-4_0-api-9.0.36-150000.3.101.2
  tomcat-webapps-9.0.36-150000.3.101.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
  tomcat-9.0.36-150000.3.101.2
  tomcat-admin-webapps-9.0.36-150000.3.101.2
  tomcat-el-3_0-api-9.0.36-150000.3.101.2
  tomcat-jsp-2_3-api-9.0.36-150000.3.101.2
  tomcat-lib-9.0.36-150000.3.101.2
  tomcat-servlet-4_0-api-9.0.36-150000.3.101.2
  tomcat-webapps-9.0.36-150000.3.101.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
  tomcat-9.0.36-150000.3.101.2
  tomcat-admin-webapps-9.0.36-150000.3.101.2
  tomcat-el-3_0-api-9.0.36-150000.3.101.2
  tomcat-jsp-2_3-api-9.0.36-150000.3.101.2
  tomcat-lib-9.0.36-150000.3.101.2
  tomcat-servlet-4_0-api-9.0.36-150000.3.101.2
  tomcat-webapps-9.0.36-150000.3.101.2

References:

https://www.suse.com/security/cve/CVE-2021-43980.html
https://www.suse.com/security/cve/CVE-2022-42252.html
https://bugzilla.suse.com/1203868
https://bugzilla.suse.com/1204918

From sle-updates at lists.suse.com Fri Nov 25 14:22:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 15:22:55 +0100 (CET)
Subject: SUSE-SU-2022:4219-1: important: Security update for grub2
Message-ID: <20221125142255.74E99F3E2@maintenance.suse.de>

SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4219-1
Rating: important
References: #1205178 #1205182
Cross-References: CVE-2022-2601 CVE-2022-3775
CVSS scores:
  CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for grub2 fixes the following issues:

- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).

Other:

- Bump upstream SBAT generation to 3

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4219=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4219=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4219=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4219=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4219=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4219=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  grub2-2.04-150300.22.25.1
  grub2-debuginfo-2.04-150300.22.25.1
  grub2-debugsource-2.04-150300.22.25.1
- openSUSE Leap Micro 5.2 (noarch):
  grub2-arm64-efi-2.04-150300.22.25.1
  grub2-i386-pc-2.04-150300.22.25.1
  grub2-snapper-plugin-2.04-150300.22.25.1
  grub2-x86_64-efi-2.04-150300.22.25.1
  grub2-x86_64-xen-2.04-150300.22.25.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  grub2-2.04-150300.22.25.1
  grub2-branding-upstream-2.04-150300.22.25.1
  grub2-debuginfo-2.04-150300.22.25.1
- openSUSE Leap 15.3 (aarch64 s390x x86_64):
  grub2-debugsource-2.04-150300.22.25.1
- openSUSE Leap 15.3 (noarch):
  grub2-arm64-efi-2.04-150300.22.25.1
  grub2-arm64-efi-debug-2.04-150300.22.25.1
  grub2-i386-pc-2.04-150300.22.25.1
  grub2-i386-pc-debug-2.04-150300.22.25.1
  grub2-powerpc-ieee1275-2.04-150300.22.25.1
  grub2-powerpc-ieee1275-debug-2.04-150300.22.25.1
  grub2-snapper-plugin-2.04-150300.22.25.1
  grub2-systemd-sleep-plugin-2.04-150300.22.25.1
  grub2-x86_64-efi-2.04-150300.22.25.1
  grub2-x86_64-efi-debug-2.04-150300.22.25.1
  grub2-x86_64-xen-2.04-150300.22.25.1
- openSUSE Leap 15.3 (s390x):
  grub2-s390x-emu-2.04-150300.22.25.1
  grub2-s390x-emu-debug-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
  grub2-x86_64-xen-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
  grub2-arm64-efi-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  grub2-2.04-150300.22.25.1
  grub2-debuginfo-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):
  grub2-debugsource-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  grub2-arm64-efi-2.04-150300.22.25.1
  grub2-i386-pc-2.04-150300.22.25.1
  grub2-powerpc-ieee1275-2.04-150300.22.25.1
  grub2-snapper-plugin-2.04-150300.22.25.1
  grub2-systemd-sleep-plugin-2.04-150300.22.25.1
  grub2-x86_64-efi-2.04-150300.22.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
  grub2-s390x-emu-2.04-150300.22.25.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  grub2-2.04-150300.22.25.1
  grub2-debuginfo-2.04-150300.22.25.1
  grub2-debugsource-2.04-150300.22.25.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
  grub2-arm64-efi-2.04-150300.22.25.1
  grub2-i386-pc-2.04-150300.22.25.1
  grub2-snapper-plugin-2.04-150300.22.25.1
  grub2-x86_64-efi-2.04-150300.22.25.1
  grub2-x86_64-xen-2.04-150300.22.25.1
- SUSE Linux Enterprise Micro 5.2 (s390x):
  grub2-s390x-emu-2.04-150300.22.25.1

References:

https://www.suse.com/security/cve/CVE-2022-2601.html
https://www.suse.com/security/cve/CVE-2022-3775.html
https://bugzilla.suse.com/1205178
https://bugzilla.suse.com/1205182

From sle-updates at lists.suse.com Fri Nov 25 17:19:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 18:19:20 +0100 (CET)
Subject: SUSE-SU-2022:4222-1: important: Security update for erlang
Message-ID: <20221125171920.80EABF3E2@maintenance.suse.de>

SUSE Security Update: Security update for erlang
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4222-1
Rating: important
References: #1205318
Cross-References: CVE-2022-37026
CVSS scores:
  CVE-2022-37026 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37026 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Manager Proxy 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for erlang fixes the following issues:

- CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4222=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4222=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4222=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4222=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4222=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4222=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4222=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4222=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-4222=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Manager Proxy 4.1 (x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  erlang-22.2.7-150200.3.3.1
  erlang-debuginfo-22.2.7-150200.3.3.1
  erlang-debugsource-22.2.7-150200.3.3.1
  erlang-epmd-22.2.7-150200.3.3.1
  erlang-epmd-debuginfo-22.2.7-150200.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-37026.html
https://bugzilla.suse.com/1205318

From sle-updates at lists.suse.com Fri Nov 25 20:20:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:20:07 +0100 (CET)
Subject: SUSE-SU-2022:4224-1: moderate: Security update for freerdp
Message-ID: <20221125202007.C3069F3E2@maintenance.suse.de>

SUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4224-1
Rating: moderate
References: #1205563 #1205564
Cross-References: CVE-2022-39318 CVE-2022-39319
CVSS scores:
  CVE-2022-39318 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-39318 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  CVE-2022-39319 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  CVE-2022-39319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Workstation Extension 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for freerdp fixes the following issues:

- CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563).
- CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4224=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4224=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4224=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  freerdp-2.4.0-150400.3.12.1
  freerdp-debuginfo-2.4.0-150400.3.12.1
  freerdp-debugsource-2.4.0-150400.3.12.1
  freerdp-devel-2.4.0-150400.3.12.1
  freerdp-proxy-2.4.0-150400.3.12.1
  freerdp-proxy-debuginfo-2.4.0-150400.3.12.1
  freerdp-server-2.4.0-150400.3.12.1
  freerdp-server-debuginfo-2.4.0-150400.3.12.1
  freerdp-wayland-2.4.0-150400.3.12.1
  freerdp-wayland-debuginfo-2.4.0-150400.3.12.1
  libfreerdp2-2.4.0-150400.3.12.1
  libfreerdp2-debuginfo-2.4.0-150400.3.12.1
  libuwac0-0-2.4.0-150400.3.12.1
  libuwac0-0-debuginfo-2.4.0-150400.3.12.1
  libwinpr2-2.4.0-150400.3.12.1
  libwinpr2-debuginfo-2.4.0-150400.3.12.1
  uwac0-0-devel-2.4.0-150400.3.12.1
  winpr2-devel-2.4.0-150400.3.12.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
  freerdp-2.4.0-150400.3.12.1
  freerdp-debuginfo-2.4.0-150400.3.12.1
  freerdp-debugsource-2.4.0-150400.3.12.1
  freerdp-devel-2.4.0-150400.3.12.1
  freerdp-proxy-2.4.0-150400.3.12.1
  freerdp-proxy-debuginfo-2.4.0-150400.3.12.1
  libfreerdp2-2.4.0-150400.3.12.1
  libfreerdp2-debuginfo-2.4.0-150400.3.12.1
  libwinpr2-2.4.0-150400.3.12.1
  libwinpr2-debuginfo-2.4.0-150400.3.12.1
  winpr2-devel-2.4.0-150400.3.12.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
  freerdp-2.4.0-150400.3.12.1
  freerdp-debuginfo-2.4.0-150400.3.12.1
  freerdp-debugsource-2.4.0-150400.3.12.1
  freerdp-devel-2.4.0-150400.3.12.1
  freerdp-proxy-2.4.0-150400.3.12.1
  freerdp-proxy-debuginfo-2.4.0-150400.3.12.1
  libfreerdp2-2.4.0-150400.3.12.1
  libfreerdp2-debuginfo-2.4.0-150400.3.12.1
  libwinpr2-2.4.0-150400.3.12.1
  libwinpr2-debuginfo-2.4.0-150400.3.12.1
  winpr2-devel-2.4.0-150400.3.12.1

References:

https://www.suse.com/security/cve/CVE-2022-39318.html
https://www.suse.com/security/cve/CVE-2022-39319.html
https://bugzilla.suse.com/1205563
https://bugzilla.suse.com/1205564

From sle-updates at lists.suse.com Fri Nov 25 20:20:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:20:48 +0100 (CET)
Subject: SUSE-RU-2022:4225-1: Recommended update for valgrind
Message-ID: <20221125202048.96EA7F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for valgrind
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4225-1
Rating: low
References: #1204685
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for valgrind fixes the following issues:

- Fix memory check between RDMA and atomics (bsc#1204685)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4225=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4225=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  valgrind-3.18.1-150400.3.3.1
  valgrind-debuginfo-3.18.1-150400.3.3.1
  valgrind-debugsource-3.18.1-150400.3.3.1
  valgrind-devel-3.18.1-150400.3.3.1
- openSUSE Leap 15.4 (s390x x86_64):
  valgrind-32bit-3.18.1-150400.3.3.1
- openSUSE Leap 15.4 (noarch):
  valgrind-client-headers-3.18.1-150400.3.3.1
- openSUSE Leap 15.4 (x86_64):
  valgrind-32bit-debuginfo-3.18.1-150400.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
  valgrind-3.18.1-150400.3.3.1
  valgrind-debuginfo-3.18.1-150400.3.3.1
  valgrind-debugsource-3.18.1-150400.3.3.1
  valgrind-devel-3.18.1-150400.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
  valgrind-client-headers-3.18.1-150400.3.3.1

References:

https://bugzilla.suse.com/1204685

From sle-updates at lists.suse.com Fri Nov 25 20:21:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:21:25 +0100 (CET)
Subject: SUSE-RU-2022:4236-1: moderate: Recommended update for linux-glibc-devel
Message-ID: <20221125202125.D7768F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for linux-glibc-devel
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4236-1
Rating: moderate
References: PED-813
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for linux-glibc-devel fixes the following issues:

- Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4236=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4236=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4236=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  linux-glibc-devel-5.14-150400.6.3.1
- openSUSE Leap 15.4 (noarch):
  cross-aarch64-linux-glibc-devel-5.14-150400.6.3.1
  cross-arm-linux-glibc-devel-5.14-150400.6.3.1
  cross-hppa-linux-glibc-devel-5.14-150400.6.3.1
  cross-i386-linux-glibc-devel-5.14-150400.6.3.1
  cross-m68k-linux-glibc-devel-5.14-150400.6.3.1
  cross-mips-linux-glibc-devel-5.14-150400.6.3.1
  cross-ppc64-linux-glibc-devel-5.14-150400.6.3.1
  cross-ppc64le-linux-glibc-devel-5.14-150400.6.3.1
  cross-riscv64-linux-glibc-devel-5.14-150400.6.3.1
  cross-s390x-linux-glibc-devel-5.14-150400.6.3.1
  cross-sparc-linux-glibc-devel-5.14-150400.6.3.1
  cross-sparc64-linux-glibc-devel-5.14-150400.6.3.1
  cross-x86_64-linux-glibc-devel-5.14-150400.6.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  linux-glibc-devel-5.14-150400.6.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  linux-glibc-devel-5.14-150400.6.3.1

References:

From sle-updates at lists.suse.com Fri Nov 25 20:22:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:22:00 +0100 (CET)
Subject: SUSE-OU-2022:4229-1: Optional update for cmocka
Message-ID: <20221125202200.B3FDBF3E2@maintenance.suse.de>

SUSE Optional Update: Optional update for cmocka
______________________________________________________________________________

Announcement ID: SUSE-OU-2022:4229-1
Rating: low
References: #1204451
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update for cmocka fixes the following issues:

- Ship the package also to Server Applications Module (bsc#1204451)

Patch Instructions:

To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4229=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4229=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  cmocka-debugsource-1.1.5-150400.3.2.3
  libcmocka-devel-1.1.5-150400.3.2.3
  libcmocka-devel-static-1.1.5-150400.3.2.3
  libcmocka0-1.1.5-150400.3.2.3
  libcmocka0-debuginfo-1.1.5-150400.3.2.3
- openSUSE Leap 15.4 (x86_64):
  libcmocka-devel-32bit-1.1.5-150400.3.2.3
  libcmocka0-32bit-1.1.5-150400.3.2.3
  libcmocka0-32bit-debuginfo-1.1.5-150400.3.2.3
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
  cmocka-debugsource-1.1.5-150400.3.2.3
  libcmocka-devel-1.1.5-150400.3.2.3
  libcmocka-devel-static-1.1.5-150400.3.2.3
  libcmocka0-1.1.5-150400.3.2.3
  libcmocka0-debuginfo-1.1.5-150400.3.2.3
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64):
  libcmocka-devel-32bit-1.1.5-150400.3.2.3
  libcmocka0-32bit-1.1.5-150400.3.2.3
  libcmocka0-32bit-debuginfo-1.1.5-150400.3.2.3

References:

https://bugzilla.suse.com/1204451

From sle-updates at lists.suse.com Fri Nov 25 20:22:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:22:40 +0100 (CET)
Subject: SUSE-RU-2022:4234-1: moderate: Recommended update for osc
Message-ID: <20221125202240.11B00F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for osc
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4234-1
Rating: moderate
References:
Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for osc fixes the following issues:

- 0.182.0
  - fix build on SLE12 / python 2.7
  - SSH auth: Fix getallmatchingheaders() output to correspond with headers.get_all()
  - send HTTP header Accept: application/xml
  - git_version: return version from the source code if there's no matching tag
  - spec file:
    - Revert to python2 on SLE12
    - Recommend openssh for ssh key auth
    - fix building on distros that are not openSUSE or SLE
    - build against python3.6 for SLE12 and older
- 0.181.0
  - fix crash when 'pass' is not set in the config file
  - add missing attributes to Package when scm_url is set
  - fix failure to create config in current dir
  - update list of considered file names for ssh key autodetection
  - allow users to prefer ssh key over password auth
  - ssh: recognize gpg keys (yubikey usage)
  - fix operating on _project meta
  - revert "interpretation of string literals in messages" that broke unicode handling
  - fix product build rpm caching
  - enable md5 revisions in osc log
  - parseRevisionOption(): raise an exception on invalid revisions
- 0.180.0
  - warn when trying to commit a prj/pac managed in scm
  - fix crash on "osc up" for git based package/projects
  - don't traceback on invalid credentials manager
  - improve README, rename it to README.md
  - declare OscHTTPSignatureAuthHandler as a new-style class
  - remove illegal character in comment

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4234=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4234=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4234=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4234=1

Package List:

- openSUSE Leap 15.4 (noarch):
  osc-0.182.0-150100.3.32.1
- openSUSE Leap 15.3 (noarch):
  osc-0.182.0-150100.3.32.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
  osc-0.182.0-150100.3.32.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
  osc-0.182.0-150100.3.32.1

References:

From sle-updates at lists.suse.com Fri Nov 25 20:23:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Nov 2022 21:23:16 +0100 (CET)
Subject: SUSE-RU-2022:4231-1: moderate: Recommended update for google-guest-configs
Message-ID: <20221125202316.584B8F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for google-guest-configs
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4231-1
Rating: moderate
References: #1204068 #1204091
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-configs fixes the following issues: - Add nvme-cli to Requires (bsc#1204068, bsc#1204091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-4231=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20220211.00-1.20.1 References: https://bugzilla.suse.com/1204068 https://bugzilla.suse.com/1204091 From sle-updates at lists.suse.com Fri Nov 25 20:24:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:24:01 +0100 (CET) Subject: SUSE-RU-2022:4230-1: moderate: Recommended update for google-guest-configs Message-ID: <20221125202401.6EAFCF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-configs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4230-1 Rating: moderate References: #1204068 #1204091 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE 
Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-configs fixes the following issues: - Add nvme-cli to Requires (bsc#1204068, bsc#1204091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4230=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4230=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4230=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4230=1 Package List: - openSUSE Leap 15.3 (noarch): google-guest-configs-20220211.00-150000.1.22.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): google-guest-configs-20220211.00-150000.1.22.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-guest-configs-20220211.00-150000.1.22.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-guest-configs-20220211.00-150000.1.22.1 References: https://bugzilla.suse.com/1204068 https://bugzilla.suse.com/1204091 From sle-updates at lists.suse.com Fri Nov 25 20:24:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:24:48 +0100 (CET) Subject: SUSE-RU-2022:4239-1: Recommended update for plymouth 
Message-ID: <20221125202448.1C980F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4239-1 Rating: low References: #1203147 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for plymouth fixes the following issues: - Remove typo on patch to clear dracut 'command not found' error (bsc#1203147). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4239=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4239=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libply-boot-client5-0.9.5~git20210406.e554475-150400.3.8.1 libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-core5-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply5-0.9.5~git20210406.e554475-150400.3.8.1 libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-devel-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-fade-throbber-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-fade-throbber-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-space-flares-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-space-flares-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-tribar-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-tribar-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-two-step-0.9.5~git20210406.e554475-150400.3.8.1 
plymouth-plugin-two-step-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 - openSUSE Leap 15.4 (noarch): plymouth-branding-upstream-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-dracut-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-lang-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-scripts-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-bgrt-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-fade-in-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-script-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-solar-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-spinfinity-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-spinner-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-theme-tribar-0.9.5~git20210406.e554475-150400.3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libply-boot-client5-0.9.5~git20210406.e554475-150400.3.8.1 libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-core5-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.8.1 libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 libply5-0.9.5~git20210406.e554475-150400.3.8.1 libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-devel-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.8.1 - SUSE Linux Enterprise 
Module for Basesystem 15-SP4 (noarch): plymouth-dracut-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-lang-0.9.5~git20210406.e554475-150400.3.8.1 plymouth-scripts-0.9.5~git20210406.e554475-150400.3.8.1 References: https://bugzilla.suse.com/1203147 From sle-updates at lists.suse.com Fri Nov 25 20:25:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:25:30 +0100 (CET) Subject: SUSE-RU-2022:4235-1: moderate: Recommended update for yast2-users Message-ID: <20221125202530.52E5BF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4235-1 Rating: moderate References: #1202974 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users fixes the following issues: - AutoYaST: Fix creation of home for system users (bsc#1202974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4235=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4235=1 - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2022-4235=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-users-4.4.12-150400.3.6.1 yast2-users-debuginfo-4.4.12-150400.3.6.1 yast2-users-debugsource-4.4.12-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-users-4.4.12-150400.3.6.1 yast2-users-debuginfo-4.4.12-150400.3.6.1 yast2-users-debugsource-4.4.12-150400.3.6.1 - SUSE Linux Enterprise Installer 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-users-4.4.12-150400.3.6.1 References: https://bugzilla.suse.com/1202974 From sle-updates at lists.suse.com Fri Nov 25 20:26:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:26:13 +0100 (CET) Subject: SUSE-RU-2022:4233-1: Recommended update for publicsuffix Message-ID: <20221125202613.E84E9F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for publicsuffix ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4233-1 Rating: low References: Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE 
Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for publicsuffix fixes the following issues: - Update to version 20220903 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4233=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4233=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4233=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4233=1 Package List: - openSUSE Leap 15.4 (noarch): publicsuffix-20220903-150000.3.12.1 - openSUSE Leap 15.3 (noarch): publicsuffix-20220903-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): publicsuffix-20220903-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): publicsuffix-20220903-150000.3.12.1 References: From sle-updates at lists.suse.com Fri Nov 25 20:26:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:26:56 +0100 (CET) Subject: SUSE-RU-2022:4227-1: Recommended update for release-notes-sle-micro Message-ID: <20221125202656.C8516F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle-micro ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4227-1 Rating: low References: #1204440 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 
SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4227=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4227=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4227=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150400.3.16.11 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 ctdb-pcp-pmda-4.15.8+git.527.8d0c05d313e-150400.3.16.11 ctdb-pcp-pmda-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 
samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-test-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-test-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-tool-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - openSUSE Leap 15.4 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - openSUSE Leap 15.4 (x86_64): libsamba-policy0-python3-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 
samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - openSUSE Leap 15.4 (noarch): samba-doc-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.16.11 
samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-tool-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.16.11 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.527.8d0c05d313e-150400.3.16.11 ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.16.11 
samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.16.11 References: https://bugzilla.suse.com/1204440 From sle-updates at lists.suse.com Fri Nov 25 20:27:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:27:44 +0100 (CET) Subject: SUSE-RU-2022:4237-1: Recommended update for openldap2 Message-ID: <20221125202744.970A7F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4237-1 Rating: low References: #1203320 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Resolve broken symlinks in documentation (bsc#1203320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4237=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4237=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-22.16.1 openldap2-back-perl-debuginfo-2.4.41-22.16.1 openldap2-debuginfo-2.4.41-22.16.1 openldap2-debugsource-2.4.41-22.16.1 openldap2-devel-2.4.41-22.16.1 openldap2-devel-static-2.4.41-22.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-22.16.1 libldap-2_4-2-debuginfo-2.4.41-22.16.1 openldap2-2.4.41-22.16.1 openldap2-back-meta-2.4.41-22.16.1 openldap2-back-meta-debuginfo-2.4.41-22.16.1 openldap2-client-2.4.41-22.16.1 openldap2-client-debuginfo-2.4.41-22.16.1 openldap2-debuginfo-2.4.41-22.16.1 openldap2-debugsource-2.4.41-22.16.1 openldap2-ppolicy-check-password-1.2-22.16.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.16.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-22.16.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.16.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openldap2-doc-2.4.41-22.16.1 References: https://bugzilla.suse.com/1203320 From sle-updates at lists.suse.com Fri Nov 25 20:28:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:28:25 +0100 (CET) Subject: SUSE-RU-2022:4228-1: moderate: Recommended update for texlive-cjk-latex-extras Message-ID: <20221125202825.1931EF3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for texlive-cjk-latex-extras ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4228-1 Rating: moderate References: #1159111 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE 
Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for texlive-cjk-latex-extras fixes the following issues: - Replace safe-rm to avoid security risks (bsc#1159111). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4228=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): texlive-cjk-latex-extras-20070515-190.3.1 References: https://bugzilla.suse.com/1159111 From sle-updates at lists.suse.com Fri Nov 25 20:29:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:29:02 +0100 (CET) Subject: SUSE-RU-2022:4226-1: moderate: Recommended update for suseconnect-ng Message-ID: <20221125202902.AA4E5F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for suseconnect-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4226-1 Rating: moderate References: #1196076 #1198625 #1200803 #1200994 #1203341 #1204821 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4226=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4226=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4226=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsuseconnect-1.0.0~git0.faee7c196dc1-150400.3.7.3 suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 suseconnect-ruby-bindings-1.0.0~git0.faee7c196dc1-150400.3.7.3 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1198625 https://bugzilla.suse.com/1200803 https://bugzilla.suse.com/1200994 https://bugzilla.suse.com/1203341 https://bugzilla.suse.com/1204821 From sle-updates at lists.suse.com Fri Nov 25 20:30:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:30:03 +0100 (CET) Subject: SUSE-RU-2022:4238-1: moderate: Recommended update for rekor Message-ID: <20221125203003.0CA61F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended 
update for rekor ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4238-1 Rating: moderate References: SLE-23476 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for rekor fixes the following issues: - updated to rekor 0.12.0 (jsc#SLE-23476) - enable server build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4238=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4238=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rekor-0.12.0-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): rekor-0.12.0-150400.4.3.1 References: From sle-updates at lists.suse.com Fri Nov 25 20:30:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Nov 2022 21:30:41 +0100 (CET) Subject: SUSE-RU-2022:4232-1: Recommended update for llvm11 Message-ID: <20221125203041.29F18F3E2@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4232-1 Rating: low References: #1189602 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux 
Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm11 fixes the following issues: - The LLVM test suite expects specific compressed binary payload but with IBM z HW compression that payload can vary and not match the software implementation, fixes testsuite errors (bsc#1189602) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4232=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4232=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4232=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4232=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): clang-tools-11.0.1-150300.3.3.1 clang-tools-debuginfo-11.0.1-150300.3.3.1 clang11-11.0.1-150300.3.3.1 clang11-debuginfo-11.0.1-150300.3.3.1 clang11-devel-11.0.1-150300.3.3.1 libLLVM11-11.0.1-150300.3.3.1 libLLVM11-debuginfo-11.0.1-150300.3.3.1 libLTO11-11.0.1-150300.3.3.1 libLTO11-debuginfo-11.0.1-150300.3.3.1 libclang11-11.0.1-150300.3.3.1 libclang11-debuginfo-11.0.1-150300.3.3.1 lld11-11.0.1-150300.3.3.1 lld11-debuginfo-11.0.1-150300.3.3.1 llvm11-11.0.1-150300.3.3.1 llvm11-LTO-devel-11.0.1-150300.3.3.1 llvm11-debuginfo-11.0.1-150300.3.3.1 llvm11-debugsource-11.0.1-150300.3.3.1 llvm11-devel-11.0.1-150300.3.3.1 llvm11-devel-debuginfo-11.0.1-150300.3.3.1 llvm11-gold-11.0.1-150300.3.3.1 llvm11-gold-debuginfo-11.0.1-150300.3.3.1 llvm11-polly-11.0.1-150300.3.3.1 llvm11-polly-debuginfo-11.0.1-150300.3.3.1 llvm11-polly-devel-11.0.1-150300.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libomp11-devel-11.0.1-150300.3.3.1 libomp11-devel-debuginfo-11.0.1-150300.3.3.1 - openSUSE Leap 15.4 (aarch64 x86_64): libc++-devel-11.0.1-150300.3.3.1 libc++1-11.0.1-150300.3.3.1 libc++1-debuginfo-11.0.1-150300.3.3.1 libc++abi-devel-11.0.1-150300.3.3.1 libc++abi1-11.0.1-150300.3.3.1 libc++abi1-debuginfo-11.0.1-150300.3.3.1 - openSUSE Leap 15.4 (x86_64): clang11-devel-32bit-11.0.1-150300.3.3.1 libLLVM11-32bit-11.0.1-150300.3.3.1 libLLVM11-32bit-debuginfo-11.0.1-150300.3.3.1 libLTO11-32bit-11.0.1-150300.3.3.1 libLTO11-32bit-debuginfo-11.0.1-150300.3.3.1 
libclang11-32bit-11.0.1-150300.3.3.1 libclang11-32bit-debuginfo-11.0.1-150300.3.3.1 liblldb11-11.0.1-150300.3.3.1 liblldb11-debuginfo-11.0.1-150300.3.3.1 lldb11-11.0.1-150300.3.3.1 lldb11-debuginfo-11.0.1-150300.3.3.1 lldb11-devel-11.0.1-150300.3.3.1 llvm11-LTO-devel-32bit-11.0.1-150300.3.3.1 llvm11-devel-32bit-11.0.1-150300.3.3.1 llvm11-devel-32bit-debuginfo-11.0.1-150300.3.3.1 python3-lldb11-11.0.1-150300.3.3.1 - openSUSE Leap 15.4 (noarch): clang11-doc-11.0.1-150300.3.3.1 llvm11-doc-11.0.1-150300.3.3.1 llvm11-opt-viewer-11.0.1-150300.3.3.1 llvm11-vim-plugins-11.0.1-150300.3.3.1 python3-clang-11.0.1-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): clang-tools-11.0.1-150300.3.3.1 clang-tools-debuginfo-11.0.1-150300.3.3.1 clang11-11.0.1-150300.3.3.1 clang11-debuginfo-11.0.1-150300.3.3.1 clang11-devel-11.0.1-150300.3.3.1 libLLVM11-11.0.1-150300.3.3.1 libLLVM11-debuginfo-11.0.1-150300.3.3.1 libLTO11-11.0.1-150300.3.3.1 libLTO11-debuginfo-11.0.1-150300.3.3.1 libclang11-11.0.1-150300.3.3.1 libclang11-debuginfo-11.0.1-150300.3.3.1 lld11-11.0.1-150300.3.3.1 lld11-debuginfo-11.0.1-150300.3.3.1 llvm11-11.0.1-150300.3.3.1 llvm11-LTO-devel-11.0.1-150300.3.3.1 llvm11-debuginfo-11.0.1-150300.3.3.1 llvm11-debugsource-11.0.1-150300.3.3.1 llvm11-devel-11.0.1-150300.3.3.1 llvm11-devel-debuginfo-11.0.1-150300.3.3.1 llvm11-gold-11.0.1-150300.3.3.1 llvm11-gold-debuginfo-11.0.1-150300.3.3.1 llvm11-polly-11.0.1-150300.3.3.1 llvm11-polly-debuginfo-11.0.1-150300.3.3.1 llvm11-polly-devel-11.0.1-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libomp11-devel-11.0.1-150300.3.3.1 libomp11-devel-debuginfo-11.0.1-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 x86_64): libc++-devel-11.0.1-150300.3.3.1 libc++1-11.0.1-150300.3.3.1 libc++1-debuginfo-11.0.1-150300.3.3.1 libc++abi-devel-11.0.1-150300.3.3.1 libc++abi1-11.0.1-150300.3.3.1 libc++abi1-debuginfo-11.0.1-150300.3.3.1 - openSUSE Leap 15.3 (x86_64): clang11-devel-32bit-11.0.1-150300.3.3.1 
libLLVM11-32bit-11.0.1-150300.3.3.1 libLLVM11-32bit-debuginfo-11.0.1-150300.3.3.1 libLTO11-32bit-11.0.1-150300.3.3.1 libLTO11-32bit-debuginfo-11.0.1-150300.3.3.1 libclang11-32bit-11.0.1-150300.3.3.1 libclang11-32bit-debuginfo-11.0.1-150300.3.3.1 liblldb11-11.0.1-150300.3.3.1 liblldb11-debuginfo-11.0.1-150300.3.3.1 lldb11-11.0.1-150300.3.3.1 lldb11-debuginfo-11.0.1-150300.3.3.1 lldb11-devel-11.0.1-150300.3.3.1 llvm11-LTO-devel-32bit-11.0.1-150300.3.3.1 llvm11-devel-32bit-11.0.1-150300.3.3.1 llvm11-devel-32bit-debuginfo-11.0.1-150300.3.3.1 python3-lldb11-11.0.1-150300.3.3.1 - openSUSE Leap 15.3 (noarch): clang11-doc-11.0.1-150300.3.3.1 llvm11-doc-11.0.1-150300.3.3.1 llvm11-opt-viewer-11.0.1-150300.3.3.1 llvm11-vim-plugins-11.0.1-150300.3.3.1 python3-clang-11.0.1-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libLLVM11-11.0.1-150300.3.3.1 libLLVM11-debuginfo-11.0.1-150300.3.3.1 llvm11-debuginfo-11.0.1-150300.3.3.1 llvm11-debugsource-11.0.1-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libLLVM11-32bit-11.0.1-150300.3.3.1 libLLVM11-32bit-debuginfo-11.0.1-150300.3.3.1 libc++-devel-11.0.1-150300.3.3.1 libc++1-11.0.1-150300.3.3.1 libc++1-debuginfo-11.0.1-150300.3.3.1 libc++abi-devel-11.0.1-150300.3.3.1 libc++abi1-11.0.1-150300.3.3.1 libc++abi1-debuginfo-11.0.1-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libLLVM11-11.0.1-150300.3.3.1 libLLVM11-debuginfo-11.0.1-150300.3.3.1 llvm11-debuginfo-11.0.1-150300.3.3.1 llvm11-debugsource-11.0.1-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libLLVM11-32bit-11.0.1-150300.3.3.1 libLLVM11-32bit-debuginfo-11.0.1-150300.3.3.1 libc++-devel-11.0.1-150300.3.3.1 libc++1-11.0.1-150300.3.3.1 libc++1-debuginfo-11.0.1-150300.3.3.1 libc++abi-devel-11.0.1-150300.3.3.1 libc++abi1-11.0.1-150300.3.3.1 libc++abi1-debuginfo-11.0.1-150300.3.3.1 References: https://bugzilla.suse.com/1189602 
From sle-updates at lists.suse.com Sat Nov 26 08:30:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 09:30:17 +0100 (CET) Subject: SUSE-CU-2022:3155-1: Recommended update of suse/sles12sp4 Message-ID: <20221126083017.255C4F3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3155-1 Container Tags : suse/sles12sp4:26.533 , suse/sles12sp4:latest Container Release : 26.533 Severity : low Type : recommended References : 1203320 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4237-1 Released: Fri Nov 25 18:20:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1203320 This update for openldap2 fixes the following issues: - Resolve broken symlinks in documentation (bsc#1203320) The following package changes have been done: - base-container-licenses-3.0-1.328 updated - container-suseconnect-2.0.0-1.212 updated - libldap-2_4-2-2.4.41-22.16.1 updated From sle-updates at lists.suse.com Sat Nov 26 08:37:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 09:37:40 +0100 (CET) Subject: SUSE-CU-2022:3156-1: Recommended update of suse/sles12sp5 Message-ID: <20221126083740.105C7F3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3156-1 Container Tags : suse/sles12sp5:6.5.404 , suse/sles12sp5:latest Container Release : 6.5.404 Severity : low Type : recommended References : 1203320 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4237-1 Released: Fri Nov 25 18:20:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1203320 This update for openldap2 fixes the following issues: - Resolve broken symlinks in documentation (bsc#1203320) The following package changes have been done: - libldap-2_4-2-2.4.41-22.16.1 updated From sle-updates at lists.suse.com Sat Nov 26 08:50:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 09:50:47 +0100 (CET) Subject: SUSE-CU-2022:3161-1: Recommended update of bci/dotnet-sdk Message-ID: <20221126085047.5A0F3F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3161-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.38 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.38 Container Release : 47.38 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 08:52:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 09:52:38 +0100 (CET) Subject: SUSE-CU-2022:3163-1: Recommended update of bci/dotnet-sdk Message-ID: <20221126085238.10A1BF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3163-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.54 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.54 Container Release : 35.54 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 08:59:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 09:59:16 +0100 (CET) Subject: SUSE-CU-2022:3167-1: Recommended update of bci/golang Message-ID: <20221126085916.D9B87F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3167-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.98 Container Release : 30.98 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sat Nov 26 09:02:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:02:16 +0100 (CET) Subject: SUSE-CU-2022:3168-1: Recommended update of bci/golang Message-ID: <20221126090216.DF592F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3168-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.98 Container Release : 29.98 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 09:04:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:04:25 +0100 (CET) Subject: SUSE-CU-2022:3169-1: Recommended update of bci/golang Message-ID: <20221126090425.92CD1F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:3169-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.44 Container Release : 18.44 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sat Nov 26 09:05:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:05:28 +0100 (CET) Subject: SUSE-CU-2022:3154-1: Recommended update of bci/nodejs Message-ID: <20221126090528.DD33DF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3154-1 Container Tags : bci/node:16 , bci/node:16-11.38 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.38 , bci/nodejs:latest Container Release : 11.38 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sat Nov 26 09:05:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:05:31 +0100 (CET) Subject: SUSE-CU-2022:3170-1: Recommended update of bci/nodejs Message-ID: <20221126090531.C9BBBF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3170-1 Container Tags : bci/node:16 , bci/node:16-11.39 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.39 , bci/nodejs:latest Container Release : 11.39 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 09:08:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:08:26 +0100 (CET) Subject: SUSE-CU-2022:3171-1: Recommended update of bci/openjdk-devel Message-ID: <20221126090826.62B41F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3171-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.84 , bci/openjdk-devel:latest Container Release : 36.84 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:bci-openjdk-11-15.4-32.40 updated From sle-updates at lists.suse.com Sat Nov 26 09:08:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:08:30 +0100 (CET) Subject: SUSE-CU-2022:3172-1: Recommended update of bci/openjdk-devel Message-ID: <20221126090830.D9C10F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3172-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.86 , bci/openjdk-devel:latest Container Release : 36.86 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - container:bci-openjdk-11-15.4-32.41 updated From sle-updates at lists.suse.com Sat Nov 26 09:08:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:08:35 +0100 (CET) Subject: SUSE-CU-2022:3173-1: Recommended update of bci/openjdk-devel Message-ID: <20221126090835.2F64FF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3173-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.88 , bci/openjdk-devel:latest Container Release : 36.88 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4233-1 Released: Fri Nov 25 18:19:33 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: This update for publicsuffix fixes the following issues: - Update to version 20220903 The following package changes have been done: - publicsuffix-20220903-150000.3.12.1 updated - container:bci-openjdk-11-15.4-32.42 updated From sle-updates at lists.suse.com Sat Nov 26 09:11:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:11:01 +0100 (CET) Subject: SUSE-CU-2022:3174-1: Recommended update of bci/openjdk Message-ID: <20221126091101.B32D3F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3174-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.40 , bci/openjdk:latest Container Release : 32.40 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sat Nov 26 09:11:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:11:06 +0100 (CET) Subject: SUSE-CU-2022:3175-1: Recommended update of bci/openjdk Message-ID: <20221126091106.07C9DF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3175-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.41 , bci/openjdk:latest Container Release : 32.41 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 09:13:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:13:26 +0100 (CET) Subject: SUSE-CU-2022:3176-1: Recommended update of suse/pcp Message-ID: <20221126091326.25F54F3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3176-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.84 , suse/pcp:latest Container Release : 11.84 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:bci-bci-init-15.4-15.4-24.41 updated From sle-updates at lists.suse.com Sat Nov 26 09:13:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:13:29 +0100 (CET) Subject: SUSE-CU-2022:3177-1: Recommended update of suse/pcp Message-ID: <20221126091329.27144F3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3177-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.86 , suse/pcp:latest Container Release : 11.86 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:bci-bci-init-15.4-15.4-24.42 updated From sle-updates at lists.suse.com Sat Nov 26 09:14:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:14:50 +0100 (CET) Subject: SUSE-CU-2022:3179-1: Recommended update of bci/python Message-ID: <20221126091450.E0584F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3179-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-8.2 , bci/python:latest Container Release : 8.2 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - pkg-config-0.29.2-1.436 added - python310-devel-3.10.8-150400.4.15.1 added - container:sles15-image-15.0.0-27.14.19 updated - libsqlite3-0-3.39.3-150000.3.17.1 removed - python310-3.10.8-150400.4.15.1 removed From sle-updates at lists.suse.com Sat Nov 26 09:14:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:14:53 +0100 (CET) Subject: SUSE-CU-2022:3180-1: Recommended update of bci/python Message-ID: <20221126091453.CF328F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3180-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-8.3 , bci/python:latest Container Release : 8.3 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 09:16:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:16:26 +0100 (CET) Subject: SUSE-CU-2022:3181-1: Recommended update of bci/python Message-ID: <20221126091626.72745F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3181-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.2 Container Release : 31.2 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - pkg-config-0.29.2-1.436 added - python3-devel-3.6.15-150300.10.30.1 added - container:sles15-image-15.0.0-27.14.19 updated - libsqlite3-0-3.39.3-150000.3.17.1 removed - python3-3.6.15-150300.10.30.1 removed From sle-updates at lists.suse.com Sat Nov 26 09:16:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:16:29 +0100 (CET) Subject: SUSE-CU-2022:3182-1: Recommended update of bci/python Message-ID: <20221126091629.465BEF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3182-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.3 Container Release : 31.3 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sat Nov 26 09:19:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Nov 2022 10:19:11 +0100 (CET) Subject: SUSE-CU-2022:3183-1: Recommended update of bci/ruby Message-ID: <20221126091911.754F4F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3183-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.34 , bci/ruby:latest Container Release : 31.34 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:23:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:23:23 +0100 (CET) Subject: SUSE-CU-2022:3183-1: Recommended update of bci/ruby Message-ID: <20221127082323.D48CCF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3183-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.34 , bci/ruby:latest Container Release : 31.34 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:23:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:23:30 +0100 (CET) Subject: SUSE-CU-2022:3184-1: Recommended update of bci/ruby Message-ID: <20221127082330.2F9FFF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3184-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.35 , bci/ruby:latest Container Release : 31.35 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:23:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:23:36 +0100 (CET) Subject: SUSE-CU-2022:3185-1: Recommended update of bci/ruby Message-ID: <20221127082336.C9B73F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3185-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.36 , bci/ruby:latest Container Release : 31.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sun Nov 27 08:25:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:25:38 +0100 (CET) Subject: SUSE-CU-2022:3186-1: Security update of bci/rust Message-ID: <20221127082538.A411AF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3186-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.101 Container Release : 9.101 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1202750 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. 
These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. 
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. 
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - krb5-1.19.2-150400.3.3.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:25:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:25:43 +0100 (CET) Subject: SUSE-CU-2022:3187-1: Recommended update of bci/rust Message-ID: <20221127082543.8EAAAF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3187-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.102 Container 
Release : 9.102 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:25:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:25:48 +0100 (CET) Subject: SUSE-CU-2022:3188-1: Recommended update of bci/rust Message-ID: <20221127082548.968F7F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3188-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.103 Container Release : 9.103 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sun Nov 27 08:27:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:27:47 +0100 (CET) Subject: SUSE-CU-2022:3189-1: Recommended update of bci/rust Message-ID: <20221127082747.40C69F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3189-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.41 Container Release : 6.41 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:27:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:27:52 +0100 (CET) Subject: SUSE-CU-2022:3190-1: Recommended update of bci/rust Message-ID: <20221127082752.A15D7F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3190-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.42 Container Release : 6.42 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:29:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:29:23 +0100 (CET) Subject: SUSE-CU-2022:3191-1: Security update of bci/rust Message-ID: <20221127082923.342BBF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3191-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-9.2 Container Release : 9.2 Severity : important Type : security References : 1142579 1185597 1185712 1188374 1190651 1191473 1193929 1194783 1197592 1198165 1198237 1202750 1202816 1202966 1202967 1202969 1205126 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). 
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. 
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). 
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - krb5-1.19.2-150400.3.3.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - linux-glibc-devel-5.14-150400.6.3.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:30:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:30:48 +0100 (CET) Subject: SUSE-CU-2022:3192-1: Security update of bci/rust Message-ID: <20221127083048.57447F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3192-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-5.2 Container Release : 5.2 Severity : important Type : security References : 1142579 1177460 1185597 1185712 1188374 1191473 1193929 1194783 1197592 1198165 1198237 1199944 1201959 1202324 1202750 1202816 1202966 1202967 1202969 1203652 1204179 1204211 1204649 1204968 1205126 1205156 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-1664 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-3821 CVE-2022-38533 CVE-2022-42898 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg 
fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). 
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. 
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Setting the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:30:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:30:53 +0100 (CET) Subject: SUSE-CU-2022:3193-1: Recommended update of bci/rust Message-ID: <20221127083053.0A3E3F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3193-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-5.3 Container Release : 5.3 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:31:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:31:42 +0100 (CET) Subject: SUSE-CU-2022:3194-1: Recommended update of bci/rust Message-ID: <20221127083142.934C5F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3194-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.17 Container Release : 4.17 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:31:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:31:47 +0100 (CET) Subject: SUSE-CU-2022:3195-1: Recommended update of bci/rust Message-ID: <20221127083147.DC6C1F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3195-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.18 Container Release : 4.18 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:31:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:31:52 +0100 (CET) Subject: SUSE-CU-2022:3196-1: Recommended update of bci/rust Message-ID: <20221127083152.CEC9CF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3196-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.19 Container Release : 4.19 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sun Nov 27 08:32:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:32:14 +0100 (CET) Subject: SUSE-CU-2022:3197-1: Recommended update of bci/rust Message-ID: <20221127083214.35A23F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3197-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-3.2 Container Release : 3.2 Severity : moderate Type : recommended References : 1202750 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) The following package changes have been done: - rpm-ndb-4.14.3-150300.52.1 updated - container:sles15-image-15.0.0-27.14.19 updated From sle-updates at lists.suse.com Sun Nov 27 08:32:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:32:18 +0100 (CET) Subject: SUSE-CU-2022:3198-1: Recommended update of bci/rust Message-ID: <20221127083218.94467F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3198-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-3.3 Container Release : 3.3 Severity : moderate Type : recommended References : 1190651 ----------------------------------------------------------------- The 
container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Sun Nov 27 08:32:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:32:23 +0100 (CET) Subject: SUSE-CU-2022:3199-1: Recommended update of bci/rust Message-ID: <20221127083223.1EEA3F3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3199-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-3.4 Container Release : 3.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Sun Nov 27 08:34:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 27 Nov 2022 09:34:13 +0100 (CET) Subject: SUSE-CU-2022:3200-1: Recommended update of suse/sle15 Message-ID: <20221127083413.35E29F3E2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3200-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.20 , suse/sle15:15.4 , suse/sle15:15.4.27.14.20 Container Release : 27.14.20 Severity : moderate Type : recommended References : 1190651 1202750 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - 
openssl-1_1-1.1.1l-150400.7.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated From sle-updates at lists.suse.com Mon Nov 28 08:23:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 09:23:11 +0100 (CET) Subject: SUSE-CU-2022:3203-1: Recommended update of bci/rust Message-ID: <20221128082311.6157FF3E2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3203-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.43 Container Release : 6.43 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
The following package changes have been done: - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Mon Nov 28 11:20:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 12:20:51 +0100 (CET) Subject: SUSE-SU-2022:4240-1: important: Security update for sudo Message-ID: <20221128112051.8C07CF3E2@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4240-1 Rating: important References: #1197998 #1203201 #1204986 Cross-References: CVE-2022-43995 CVSS scores: CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sudo fixes the following issues: Security fixes: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Other: - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). - Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4240=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4240=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4240=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4240=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4240=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sudo-1.8.20p2-3.33.1 sudo-debuginfo-1.8.20p2-3.33.1 sudo-debugsource-1.8.20p2-3.33.1 - SUSE OpenStack Cloud 9 (x86_64): sudo-1.8.20p2-3.33.1 sudo-debuginfo-1.8.20p2-3.33.1 sudo-debugsource-1.8.20p2-3.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sudo-1.8.20p2-3.33.1 sudo-debuginfo-1.8.20p2-3.33.1 sudo-debugsource-1.8.20p2-3.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.33.1 sudo-debuginfo-1.8.20p2-3.33.1 sudo-debugsource-1.8.20p2-3.33.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sudo-1.8.20p2-3.33.1 sudo-debuginfo-1.8.20p2-3.33.1 sudo-debugsource-1.8.20p2-3.33.1 References: https://www.suse.com/security/cve/CVE-2022-43995.html https://bugzilla.suse.com/1197998 https://bugzilla.suse.com/1203201 https://bugzilla.suse.com/1204986 From sle-updates at lists.suse.com Mon Nov 28 14:21:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:21:51 +0100 (CET) Subject: SUSE-SU-2022:4248-1: important: Security update for tiff Message-ID: <20221128142151.0ABD2F3E2@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4248-1 Rating: important References: #1204641 #1204643 #1204644 #1204645 #1205392 Cross-References: CVE-2022-3597 CVE-2022-3599 
CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVSS scores: CVE-2022-3597 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3597 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3599 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3599 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3626 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3626 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3627 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3627 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3970 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3970 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4248=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4248=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4248=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4248=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4248=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4248=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4248=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4248=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE OpenStack Cloud 9 (x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libtiff-devel-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  libtiff5-32bit-4.0.9-44.59.1
  libtiff5-4.0.9-44.59.1
  libtiff5-debuginfo-32bit-4.0.9-44.59.1
  libtiff5-debuginfo-4.0.9-44.59.1
  tiff-4.0.9-44.59.1
  tiff-debuginfo-4.0.9-44.59.1
  tiff-debugsource-4.0.9-44.59.1

References:

https://www.suse.com/security/cve/CVE-2022-3597.html
https://www.suse.com/security/cve/CVE-2022-3599.html
https://www.suse.com/security/cve/CVE-2022-3626.html
https://www.suse.com/security/cve/CVE-2022-3627.html
https://www.suse.com/security/cve/CVE-2022-3970.html
https://bugzilla.suse.com/1204641
https://bugzilla.suse.com/1204643
https://bugzilla.suse.com/1204644
https://bugzilla.suse.com/1204645
https://bugzilla.suse.com/1205392

From sle-updates at lists.suse.com Mon Nov 28 14:22:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Nov 2022 15:22:54 +0100 (CET)
Subject: SUSE-RU-2022:4246-1: important: Recommended update for gnutls
Message-ID: <20221128142254.0F02FF3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnutls
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4246-1
Rating: important
References: #1204763
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gnutls fixes the following issues:

- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
  This avoids crashes of samba-bgqd, which closes all file descriptors on startup.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4246=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libgnutls30-3.4.17-8.14.1
  libgnutls30-debuginfo-3.4.17-8.14.1
- SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):
  gnutls-debugsource-3.4.17-8.14.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libgnutls30-32bit-3.4.17-8.14.1
  libgnutls30-debuginfo-32bit-3.4.17-8.14.1

References:

https://bugzilla.suse.com/1204763

From sle-updates at lists.suse.com Mon Nov 28 14:23:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Nov 2022 15:23:38 +0100 (CET)
Subject: SUSE-SU-2022:4249-1: important: Security update for pixman
Message-ID: <20221128142338.603E6F3E2@maintenance.suse.de>

SUSE Security Update: Security update for pixman
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4249-1
Rating: important
References: #1205033
Cross-References: CVE-2022-44638
CVSS scores:
  CVE-2022-44638 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-44638 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pixman fixes the following issues:

- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4249=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4249=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4249=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4249=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4249=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4249=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4249=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4249=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE OpenStack Cloud 9 (x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libpixman-1-0-devel-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  libpixman-1-0-0.34.0-8.3.1
  libpixman-1-0-32bit-0.34.0-8.3.1
  libpixman-1-0-debuginfo-0.34.0-8.3.1
  libpixman-1-0-debuginfo-32bit-0.34.0-8.3.1
  pixman-debugsource-0.34.0-8.3.1

References:

https://www.suse.com/security/cve/CVE-2022-44638.html
https://bugzilla.suse.com/1205033

From sle-updates at lists.suse.com Mon Nov 28 14:24:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Nov 2022 15:24:31 +0100 (CET)
Subject: SUSE-SU-2022:4241-1: important: Security update for xen
Message-ID: <20221128142431.C9EE4F3E2@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4241-1
Rating: important
References: #1185104 #1193923 #1203806 #1203807 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496
Cross-References: CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326
CVSS scores:
  CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42311 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4241=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4241=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4241=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4241=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  xen-4.11.4_34-2.83.1
  xen-debugsource-4.11.4_34-2.83.1
  xen-doc-html-4.11.4_34-2.83.1
  xen-libs-32bit-4.11.4_34-2.83.1
  xen-libs-4.11.4_34-2.83.1
  xen-libs-debuginfo-32bit-4.11.4_34-2.83.1
  xen-libs-debuginfo-4.11.4_34-2.83.1
  xen-tools-4.11.4_34-2.83.1
  xen-tools-debuginfo-4.11.4_34-2.83.1
  xen-tools-domU-4.11.4_34-2.83.1
  xen-tools-domU-debuginfo-4.11.4_34-2.83.1
- SUSE OpenStack Cloud 9 (x86_64):
  xen-4.11.4_34-2.83.1
  xen-debugsource-4.11.4_34-2.83.1
  xen-doc-html-4.11.4_34-2.83.1
  xen-libs-32bit-4.11.4_34-2.83.1
  xen-libs-4.11.4_34-2.83.1
  xen-libs-debuginfo-32bit-4.11.4_34-2.83.1
  xen-libs-debuginfo-4.11.4_34-2.83.1
  xen-tools-4.11.4_34-2.83.1
  xen-tools-debuginfo-4.11.4_34-2.83.1
  xen-tools-domU-4.11.4_34-2.83.1
  xen-tools-domU-debuginfo-4.11.4_34-2.83.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  xen-4.11.4_34-2.83.1
  xen-debugsource-4.11.4_34-2.83.1
  xen-doc-html-4.11.4_34-2.83.1
  xen-libs-32bit-4.11.4_34-2.83.1
  xen-libs-4.11.4_34-2.83.1
  xen-libs-debuginfo-32bit-4.11.4_34-2.83.1
  xen-libs-debuginfo-4.11.4_34-2.83.1
  xen-tools-4.11.4_34-2.83.1
  xen-tools-debuginfo-4.11.4_34-2.83.1
  xen-tools-domU-4.11.4_34-2.83.1
  xen-tools-domU-debuginfo-4.11.4_34-2.83.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
  xen-4.11.4_34-2.83.1
  xen-debugsource-4.11.4_34-2.83.1
  xen-doc-html-4.11.4_34-2.83.1
  xen-libs-32bit-4.11.4_34-2.83.1
  xen-libs-4.11.4_34-2.83.1
  xen-libs-debuginfo-32bit-4.11.4_34-2.83.1
  xen-libs-debuginfo-4.11.4_34-2.83.1
  xen-tools-4.11.4_34-2.83.1
  xen-tools-debuginfo-4.11.4_34-2.83.1
  xen-tools-domU-4.11.4_34-2.83.1
  xen-tools-domU-debuginfo-4.11.4_34-2.83.1

References:

https://www.suse.com/security/cve/CVE-2021-28689.html
https://www.suse.com/security/cve/CVE-2022-33746.html
https://www.suse.com/security/cve/CVE-2022-33748.html
https://www.suse.com/security/cve/CVE-2022-42309.html
https://www.suse.com/security/cve/CVE-2022-42310.html
https://www.suse.com/security/cve/CVE-2022-42311.html
https://www.suse.com/security/cve/CVE-2022-42312.html
https://www.suse.com/security/cve/CVE-2022-42313.html
https://www.suse.com/security/cve/CVE-2022-42314.html
https://www.suse.com/security/cve/CVE-2022-42315.html
https://www.suse.com/security/cve/CVE-2022-42316.html
https://www.suse.com/security/cve/CVE-2022-42317.html
https://www.suse.com/security/cve/CVE-2022-42318.html
https://www.suse.com/security/cve/CVE-2022-42319.html
https://www.suse.com/security/cve/CVE-2022-42320.html
https://www.suse.com/security/cve/CVE-2022-42321.html
https://www.suse.com/security/cve/CVE-2022-42322.html
https://www.suse.com/security/cve/CVE-2022-42323.html
https://www.suse.com/security/cve/CVE-2022-42325.html
https://www.suse.com/security/cve/CVE-2022-42326.html
https://bugzilla.suse.com/1185104
https://bugzilla.suse.com/1193923
https://bugzilla.suse.com/1203806
https://bugzilla.suse.com/1203807
https://bugzilla.suse.com/1204482
https://bugzilla.suse.com/1204485
https://bugzilla.suse.com/1204487
https://bugzilla.suse.com/1204488
https://bugzilla.suse.com/1204489
https://bugzilla.suse.com/1204490
https://bugzilla.suse.com/1204494
https://bugzilla.suse.com/1204496

From sle-updates at lists.suse.com Mon Nov 28 14:26:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Nov 2022 15:26:50 +0100 (CET)
Subject: SUSE-RU-2022:4245-1: moderate: Recommended update for gcc12
Message-ID: <20221128142650.8AE50F3E2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gcc12
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4245-1
Rating: moderate
References: PED-2030
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Toolchain 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Toolchain Module.

To use gcc12 compilers use:

- install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4245=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4245=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4245=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4245=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4245=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4245=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4245=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2022-4245=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 
libobjc4-debuginfo-12.2.1+git416-1.5.1 libquadmath0-12.2.1+git416-1.5.1 libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 libquadmath0-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE OpenStack Cloud 9 (x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libquadmath0-12.2.1+git416-1.5.1 libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 
libquadmath0-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libquadmath0-12.2.1+git416-1.5.1 libquadmath0-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 
libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le x86_64): libquadmath0-12.2.1+git416-1.5.1 libquadmath0-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 
libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libhwasan0-12.2.1+git416-1.5.1 libhwasan0-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le x86_64): libquadmath0-12.2.1+git416-1.5.1 libquadmath0-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 
libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libhwasan0-12.2.1+git416-1.5.1 libhwasan0-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libasan8-12.2.1+git416-1.5.1 libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libquadmath0-12.2.1+git416-1.5.1 
libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 libquadmath0-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc12-debuginfo-12.2.1+git416-1.5.1 gcc12-debugsource-12.2.1+git416-1.5.1 libasan8-12.2.1+git416-1.5.1 libasan8-32bit-12.2.1+git416-1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-1.5.1 libasan8-debuginfo-12.2.1+git416-1.5.1 libatomic1-12.2.1+git416-1.5.1 libatomic1-32bit-12.2.1+git416-1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-1.5.1 libatomic1-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-12.2.1+git416-1.5.1 libgcc_s1-32bit-12.2.1+git416-1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-1.5.1 libgcc_s1-debuginfo-12.2.1+git416-1.5.1 libgfortran5-12.2.1+git416-1.5.1 libgfortran5-32bit-12.2.1+git416-1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-1.5.1 libgfortran5-debuginfo-12.2.1+git416-1.5.1 libgomp1-12.2.1+git416-1.5.1 libgomp1-32bit-12.2.1+git416-1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-1.5.1 libgomp1-debuginfo-12.2.1+git416-1.5.1 libitm1-12.2.1+git416-1.5.1 libitm1-32bit-12.2.1+git416-1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-1.5.1 libitm1-debuginfo-12.2.1+git416-1.5.1 liblsan0-12.2.1+git416-1.5.1 liblsan0-debuginfo-12.2.1+git416-1.5.1 libobjc4-32bit-12.2.1+git416-1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-1.5.1 libobjc4-debuginfo-12.2.1+git416-1.5.1 libquadmath0-12.2.1+git416-1.5.1 libquadmath0-32bit-12.2.1+git416-1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-1.5.1 
libquadmath0-debuginfo-12.2.1+git416-1.5.1 libstdc++6-12.2.1+git416-1.5.1 libstdc++6-32bit-12.2.1+git416-1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-1.5.1 libstdc++6-debuginfo-12.2.1+git416-1.5.1 libstdc++6-locale-12.2.1+git416-1.5.1 libstdc++6-pp-12.2.1+git416-1.5.1 libstdc++6-pp-32bit-12.2.1+git416-1.5.1 libtsan2-12.2.1+git416-1.5.1 libtsan2-debuginfo-12.2.1+git416-1.5.1 libubsan1-12.2.1+git416-1.5.1 libubsan1-32bit-12.2.1+git416-1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-1.5.1 libubsan1-debuginfo-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp12-12.2.1+git416-1.5.1 cpp12-debuginfo-12.2.1+git416-1.5.1 gcc12-12.2.1+git416-1.5.1 gcc12-PIE-12.2.1+git416-1.5.1 gcc12-c++-12.2.1+git416-1.5.1 gcc12-c++-debuginfo-12.2.1+git416-1.5.1 gcc12-debuginfo-12.2.1+git416-1.5.1 gcc12-debugsource-12.2.1+git416-1.5.1 gcc12-fortran-12.2.1+git416-1.5.1 gcc12-fortran-debuginfo-12.2.1+git416-1.5.1 gcc12-locale-12.2.1+git416-1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc12-32bit-12.2.1+git416-1.5.1 gcc12-c++-32bit-12.2.1+git416-1.5.1 gcc12-fortran-32bit-12.2.1+git416-1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc12-12.2.1+git416-1.5.1 cross-nvptx-gcc12-debuginfo-12.2.1+git416-1.5.1 cross-nvptx-gcc12-debugsource-12.2.1+git416-1.5.1 cross-nvptx-newlib12-devel-12.2.1+git416-1.5.1 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc12-info-12.2.1+git416-1.5.1 References: From sle-updates at lists.suse.com Mon Nov 28 14:27:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:27:33 +0100 (CET) Subject: SUSE-SU-2022:4243-1: important: Security update for ganglia-web Message-ID: <20221128142733.B0DCFF3E2@maintenance.suse.de> SUSE Security Update: Security update for ganglia-web 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4243-1 Rating: important References: #1160761 #1179835 Cross-References: CVE-2019-20378 CVSS scores: CVE-2019-20378 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-20378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ganglia-web fixes the following issues: - updated to 3.7.5 which fixes (bsc#1179835) - CVE-2019-20378: Fixed a possible XSS via ce and cs parameters in header.php (bsc#1160761). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4243=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4243=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): ganglia-web-3.7.5-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): ganglia-web-3.7.5-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-20378.html https://bugzilla.suse.com/1160761 https://bugzilla.suse.com/1179835 From sle-updates at lists.suse.com Mon Nov 28 14:28:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:28:19 +0100 (CET) Subject: SUSE-SU-2022:4244-1: important: Security update for ganglia-web Message-ID: <20221128142819.F344BF3E2@maintenance.suse.de> SUSE Security Update: Security update for ganglia-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4244-1 Rating: important References: #1160761 #1179835 Cross-References: CVE-2019-20378 CVSS scores: CVE-2019-20378 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-20378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for ganglia-web fixes the following issues: - updated to 3.7.5 which fixes (bsc#1179835) - CVE-2019-20378: Fixed a possible XSS via ce and cs parameters in header.php (bsc#1160761). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4244=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4244=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4244=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4244=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): ganglia-web-3.7.5-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): ganglia-web-3.7.5-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): ganglia-web-3.7.5-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): ganglia-web-3.7.5-150000.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-20378.html https://bugzilla.suse.com/1160761 https://bugzilla.suse.com/1179835 From sle-updates at lists.suse.com Mon Nov 28 14:29:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:29:19 +0100 (CET) Subject: SUSE-SU-2022:4251-1: important: Security update for python3 Message-ID: <20221128142919.4BFF4F3E2@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4251-1 Rating: important References: #1203125 #1205244 Cross-References: 
CVE-2020-10735 CVE-2022-45061 CVSS scores: CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125). - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4251=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4251=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4251=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4251=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4251=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4251=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4251=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4251=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4251=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 python3-devel-debuginfo-3.4.10-25.102.2 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 python3-devel-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): 
python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-dbm-3.4.10-25.102.2 python3-dbm-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 python3-devel-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 python3-tk-3.4.10-25.102.2 python3-tk-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.102.2 python3-base-debuginfo-32bit-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 
python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 python3-devel-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-curses-debuginfo-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.102.2 libpython3_4m1_0-debuginfo-3.4.10-25.102.2 python3-3.4.10-25.102.2 python3-base-3.4.10-25.102.2 python3-base-debuginfo-3.4.10-25.102.2 python3-base-debugsource-3.4.10-25.102.2 python3-curses-3.4.10-25.102.2 python3-debuginfo-3.4.10-25.102.2 python3-debugsource-3.4.10-25.102.2 References: https://www.suse.com/security/cve/CVE-2020-10735.html https://www.suse.com/security/cve/CVE-2022-45061.html https://bugzilla.suse.com/1203125 https://bugzilla.suse.com/1205244 From sle-updates at lists.suse.com Mon Nov 28 14:30:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:30:31 +0100 (CET) Subject: SUSE-SU-2022:4253-1: important: Security update for busybox Message-ID: <20221128143031.06DD4F3E2@maintenance.suse.de> SUSE Security Update: Security update for busybox 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4253-1 Rating: important References: #1029961 #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1191514 #1192869 #914660 #951562 #970662 #970663 #991940 Cross-References: CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVSS scores: CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2018-20679 (NVD) : 7.5 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-5747 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-5747 (SUSE): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42374 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-42374 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42375 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-42376 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42377 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42378 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 
CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869). 
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: "mount -o rw ...." should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire "PID,args" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new options added to basename, cpio, date, find, mktemp, wget and others - Enable fdisk (jsc#CAR-16) - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional - update to 1.33.1: * httpd: fix sendfile * ash: fix HISTFILE corruption * ash: fix unset variable pattern expansion * traceroute: fix option parsing * gunzip: fix for archive corruption - Update to version 1.33.0 - many bug fixes and new features - Update to version 1.32.1 - fixes a case where in ash, "wait" never finishes. - prepare usrmerge (bsc#1029961) - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) - Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget. - Changes from version 1.31.0: + many bugfixes and new features. - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). 
- update to 1.25.1: * fixes for hush, gunzip, ip route, ntpd - includes changes from 1.25.0: * many added and expanded implementations of command options - includes changes from 1.24.2: * fixes for build system (static build with glibc fixed), truncate, gunzip and unzip. - Update to version 1.24.1 * for a full list of changes see http://www.busybox.net/news.html - Refresh busybox.install.patch - Update to 1.23.2 * for a full list of changes see http://www.busybox.net/news.html - Cleaned up spec file with spec-cleaner - Refreshed patches - update to 1.22.1: Many updates and fixes for most included tools, see http://www.busybox.net/news.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4253=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4253=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4253=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4253=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4253=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4253=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4253=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): busybox-1.35.0-4.3.1 - SUSE OpenStack Cloud 9 (x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): 
busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): busybox-1.35.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2014-9645.html https://www.suse.com/security/cve/CVE-2015-9261.html https://www.suse.com/security/cve/CVE-2016-2147.html https://www.suse.com/security/cve/CVE-2016-2148.html https://www.suse.com/security/cve/CVE-2016-6301.html https://www.suse.com/security/cve/CVE-2017-15873.html https://www.suse.com/security/cve/CVE-2017-15874.html https://www.suse.com/security/cve/CVE-2017-16544.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2019-5747.html https://www.suse.com/security/cve/CVE-2021-28831.html https://www.suse.com/security/cve/CVE-2021-42373.html https://www.suse.com/security/cve/CVE-2021-42374.html https://www.suse.com/security/cve/CVE-2021-42375.html https://www.suse.com/security/cve/CVE-2021-42376.html https://www.suse.com/security/cve/CVE-2021-42377.html https://www.suse.com/security/cve/CVE-2021-42378.html https://www.suse.com/security/cve/CVE-2021-42379.html https://www.suse.com/security/cve/CVE-2021-42380.html https://www.suse.com/security/cve/CVE-2021-42381.html https://www.suse.com/security/cve/CVE-2021-42382.html https://www.suse.com/security/cve/CVE-2021-42383.html https://www.suse.com/security/cve/CVE-2021-42384.html https://www.suse.com/security/cve/CVE-2021-42385.html https://www.suse.com/security/cve/CVE-2021-42386.html https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1064976 https://bugzilla.suse.com/1064978 https://bugzilla.suse.com/1069412 https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1102912 https://bugzilla.suse.com/1121426 https://bugzilla.suse.com/1121428 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/1191514 
https://bugzilla.suse.com/1192869 https://bugzilla.suse.com/914660 https://bugzilla.suse.com/951562 https://bugzilla.suse.com/970662 https://bugzilla.suse.com/970663 https://bugzilla.suse.com/991940 From sle-updates at lists.suse.com Mon Nov 28 14:33:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:33:08 +0100 (CET) Subject: SUSE-SU-2022:4254-1: important: Security update for nodejs12 Message-ID: <20221128143308.47D90F3E2@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4254-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4254=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4254=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4254=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4254=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4254=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4254=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4254=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4254=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4254=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4254=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4254=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4254=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - openSUSE Leap 15.4 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - openSUSE Leap 15.3 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): 
nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Manager Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Manager Proxy 4.1 (x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Manager Proxy 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): 
nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs12-docs-12.22.12-150200.4.41.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs12-12.22.12-150200.4.41.2 nodejs12-debuginfo-12.22.12-150200.4.41.2 nodejs12-debugsource-12.22.12-150200.4.41.2 nodejs12-devel-12.22.12-150200.4.41.2 npm12-12.22.12-150200.4.41.2 - SUSE Enterprise Storage 7 (noarch): nodejs12-docs-12.22.12-150200.4.41.2 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Mon Nov 28 14:34:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:34:14 +0100 (CET) Subject: SUSE-SU-2022:4247-1: important: Security update for MozillaFirefox Message-ID: <20221128143414.72656F3E2@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4247-1 Rating: important References: #1205270 Cross-References: CVE-2022-45403 
CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4247=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4247=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4247=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4247=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4247=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4247=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4247=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4247=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 
MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-102.5.0-112.139.1 MozillaFirefox-debuginfo-102.5.0-112.139.1 MozillaFirefox-debugsource-102.5.0-112.139.1 MozillaFirefox-devel-102.5.0-112.139.1 MozillaFirefox-translations-common-102.5.0-112.139.1 References: https://www.suse.com/security/cve/CVE-2022-45403.html https://www.suse.com/security/cve/CVE-2022-45404.html https://www.suse.com/security/cve/CVE-2022-45405.html https://www.suse.com/security/cve/CVE-2022-45406.html https://www.suse.com/security/cve/CVE-2022-45408.html https://www.suse.com/security/cve/CVE-2022-45409.html https://www.suse.com/security/cve/CVE-2022-45410.html https://www.suse.com/security/cve/CVE-2022-45411.html https://www.suse.com/security/cve/CVE-2022-45412.html https://www.suse.com/security/cve/CVE-2022-45416.html https://www.suse.com/security/cve/CVE-2022-45418.html https://www.suse.com/security/cve/CVE-2022-45420.html https://www.suse.com/security/cve/CVE-2022-45421.html https://bugzilla.suse.com/1205270 From sle-updates at lists.suse.com Mon Nov 28 14:35:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:35:15 +0100 (CET) Subject: SUSE-SU-2022:4250-1: important: Security update for java-1_8_0-openj9 Message-ID: 
<20221128143515.3AAA1F3E2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openj9 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4250-1 Rating: important References: #1204471 #1204472 #1204473 #1204475 #1204703 Cross-References: CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-3676 CVSS scores: CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3676 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3676 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u352 build 08 with OpenJ9 0.35.0 virtual machine, including Oracle October 2022 CPU changes. - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE (bsc#1204473). - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-3676: Fixed interface calls that can be inlined without a runtime type check (bsc#1204703). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4250=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4250=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openj9-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-accessibility-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-debugsource-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-demo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-demo-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-devel-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-devel-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-headless-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-headless-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-src-1.8.0.352-150200.3.27.1 - openSUSE Leap 15.4 (noarch): java-1_8_0-openj9-javadoc-1.8.0.352-150200.3.27.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-openj9-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-accessibility-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-debugsource-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-demo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-demo-debuginfo-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-devel-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-headless-1.8.0.352-150200.3.27.1 java-1_8_0-openj9-src-1.8.0.352-150200.3.27.1 - openSUSE Leap 15.3 (noarch): java-1_8_0-openj9-javadoc-1.8.0.352-150200.3.27.1 References: https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-3676.html https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204703 From sle-updates at lists.suse.com Mon Nov 28 14:36:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 15:36:23 +0100 (CET) Subject: SUSE-SU-2022:4255-1: important: Security update for nodejs14 Message-ID: <20221128143623.7E84BF3E2@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4255-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to 14.21.0: - src: add --openssl-shared-config option Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4255=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4255=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4255=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4255=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4255=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4255=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4255=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4255=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4255=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4255=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4255=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4255=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack14-14.21.1-150200.15.40.2 nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - 
openSUSE Leap 15.4 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Manager Server 4.1 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Manager Proxy 4.1 (x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Manager Proxy 4.1 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux 
Enterprise Server 15-SP2-BCL (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs14-docs-14.21.1-150200.15.40.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs14-14.21.1-150200.15.40.2 nodejs14-debuginfo-14.21.1-150200.15.40.2 nodejs14-debugsource-14.21.1-150200.15.40.2 nodejs14-devel-14.21.1-150200.15.40.2 npm14-14.21.1-150200.15.40.2 - SUSE Enterprise Storage 7 (noarch): nodejs14-docs-14.21.1-150200.15.40.2 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Mon Nov 28 14:37:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 
15:37:28 +0100 (CET) Subject: SUSE-SU-2022:4252-1: important: Security update for exiv2 Message-ID: <20221128143728.A24C9F3E2@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4252-1 Rating: important References: #1119562 #1142681 #1185002 #1186231 #1188733 #1189332 #1189337 #1189338 Cross-References: CVE-2018-20097 CVE-2019-13112 CVE-2021-29457 CVE-2021-29473 CVE-2021-31291 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 CVSS scores: CVE-2018-20097 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20097 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-13112 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13112 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29457 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29457 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29473 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29473 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-34334 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-34334 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 
SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681) - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332) - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338) - CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp that may lead to a denial of service via crafted metadata (bsc#1188733). - CVE-2021-32815: Fixed a denial of service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29457: Fixed a heap buffer overflow when writing metadata into a crafted image file (bsc#1185002). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4252=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4252=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4252=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4252=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4252=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4252=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4252=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4252=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE OpenStack Cloud 9 (x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-devel-0.23-12.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): 
exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): exiv2-debuginfo-0.23-12.18.1 exiv2-debugsource-0.23-12.18.1 libexiv2-12-0.23-12.18.1 libexiv2-12-debuginfo-0.23-12.18.1 References: https://www.suse.com/security/cve/CVE-2018-20097.html https://www.suse.com/security/cve/CVE-2019-13112.html https://www.suse.com/security/cve/CVE-2021-29457.html https://www.suse.com/security/cve/CVE-2021-29473.html https://www.suse.com/security/cve/CVE-2021-31291.html https://www.suse.com/security/cve/CVE-2021-32815.html https://www.suse.com/security/cve/CVE-2021-34334.html https://www.suse.com/security/cve/CVE-2021-37620.html https://bugzilla.suse.com/1119562 https://bugzilla.suse.com/1142681 https://bugzilla.suse.com/1185002 https://bugzilla.suse.com/1186231 https://bugzilla.suse.com/1188733 https://bugzilla.suse.com/1189332 https://bugzilla.suse.com/1189337 https://bugzilla.suse.com/1189338 From sle-updates at lists.suse.com Mon Nov 28 17:23:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 18:23:29 +0100 (CET) Subject: SUSE-SU-2022:4257-1: important: Security update for tomcat Message-ID: <20221128172329.7C4B6F46D@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4257-1 Rating: important References: #1203868 #1204918 Cross-References: CVE-2021-43980 CVE-2022-42252 CVSS scores: CVE-2021-43980 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-43980 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-42252 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-42252 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS 
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - CVE-2021-43980: Fixed information disclosure due to concurrency issues in Http11Processor (bsc#1203868). - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4257=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4257=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4257=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4257=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4257=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4257=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE Enterprise Storage 6 (noarch): tomcat-9.0.36-150100.4.81.1 tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 - SUSE CaaS Platform 4.0 (noarch): tomcat-9.0.36-150100.4.81.1 
tomcat-admin-webapps-9.0.36-150100.4.81.1 tomcat-el-3_0-api-9.0.36-150100.4.81.1 tomcat-jsp-2_3-api-9.0.36-150100.4.81.1 tomcat-lib-9.0.36-150100.4.81.1 tomcat-servlet-4_0-api-9.0.36-150100.4.81.1 tomcat-webapps-9.0.36-150100.4.81.1 References: https://www.suse.com/security/cve/CVE-2021-43980.html https://www.suse.com/security/cve/CVE-2022-42252.html https://bugzilla.suse.com/1203868 https://bugzilla.suse.com/1204918 From sle-updates at lists.suse.com Mon Nov 28 17:25:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 18:25:29 +0100 (CET) Subject: SUSE-RU-2022:4256-1: moderate: Recommended update for gcc12 Message-ID: <20221128172529.3D9D0F46D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4256-1 Rating: moderate References: PED-2030 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for 
Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same-named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the "Development Tools" module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use the gcc12 compilers: - install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4256=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4256=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4256=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4256=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4256=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4256=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4256=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4256=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4256=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4256=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4256=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4256=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4256=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4256=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4256=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch 
SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4256=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4256=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4256=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4256=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4256=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4256=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4256=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4256=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4256=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4256=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4256=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4256=1 - SUSE Enterprise Storage 7: zypper in -t 
patch SUSE-Storage-7-2022-4256=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4256=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cpp12-12.2.1+git416-150000.1.5.1 cpp12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-12.2.1+git416-150000.1.5.1 gcc12-PIE-12.2.1+git416-150000.1.5.1 gcc12-ada-12.2.1+git416-150000.1.5.1 gcc12-ada-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-c++-12.2.1+git416-150000.1.5.1 gcc12-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-fortran-12.2.1+git416-150000.1.5.1 gcc12-fortran-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-go-12.2.1+git416-150000.1.5.1 gcc12-go-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-locale-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-objc-12.2.1+git416-150000.1.5.1 gcc12-objc-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-testresults-12.2.1+git416-150000.1.5.3 libada12-12.2.1+git416-150000.1.5.1 libada12-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 
libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-12.2.1+git416-150000.1.5.1 libgo21-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): gcc12-d-12.2.1+git416-150000.1.5.1 gcc12-d-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-12.2.1+git416-150000.1.5.1 libgdruntime3-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-12.2.1+git416-150000.1.5.1 libgphobos3-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (s390x x86_64): libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 
libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (x86_64): cross-nvptx-gcc12-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.5.1 cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.5.1 gcc12-32bit-12.2.1+git416-150000.1.5.1 gcc12-ada-32bit-12.2.1+git416-150000.1.5.1 gcc12-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-d-32bit-12.2.1+git416-150000.1.5.1 gcc12-fortran-32bit-12.2.1+git416-150000.1.5.1 gcc12-go-32bit-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-objc-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-32bit-12.2.1+git416-150000.1.5.1 libgo21-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.4 (noarch): gcc12-info-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cpp12-12.2.1+git416-150000.1.5.1 cpp12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-12.2.1+git416-150000.1.5.1 gcc12-PIE-12.2.1+git416-150000.1.5.1 gcc12-ada-12.2.1+git416-150000.1.5.1 gcc12-ada-debuginfo-12.2.1+git416-150000.1.5.1 
gcc12-c++-12.2.1+git416-150000.1.5.1 gcc12-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-fortran-12.2.1+git416-150000.1.5.1 gcc12-fortran-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-go-12.2.1+git416-150000.1.5.1 gcc12-go-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-locale-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-objc-12.2.1+git416-150000.1.5.1 gcc12-objc-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-testresults-12.2.1+git416-150000.1.5.3 libada12-12.2.1+git416-150000.1.5.1 libada12-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-12.2.1+git416-150000.1.5.1 libgo21-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): gcc12-d-12.2.1+git416-150000.1.5.1 gcc12-d-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-12.2.1+git416-150000.1.5.1 
libgdruntime3-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-12.2.1+git416-150000.1.5.1 libgphobos3-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (s390x x86_64): libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (x86_64): gcc12-32bit-12.2.1+git416-150000.1.5.1 gcc12-ada-32bit-12.2.1+git416-150000.1.5.1 gcc12-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-d-32bit-12.2.1+git416-150000.1.5.1 gcc12-fortran-32bit-12.2.1+git416-150000.1.5.1 gcc12-go-32bit-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-objc-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-32bit-12.2.1+git416-150000.1.5.1 libgo21-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-12.2.1+git416-150000.1.5.1 
libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 - openSUSE Leap 15.3 (noarch): gcc12-info-12.2.1+git416-150000.1.5.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Manager Server 4.1 (ppc64le x86_64): liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Manager Server 4.1 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 
libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Manager Proxy 4.1 (x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 
libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 
libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 
libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le x86_64): liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 
libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64): liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 
libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux 
Enterprise Server 15-LTSS (aarch64 s390x): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): gcc12-ada-12.2.1+git416-150000.1.5.1 gcc12-ada-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-go-12.2.1+git416-150000.1.5.1 gcc12-go-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-objc-12.2.1+git416-150000.1.5.1 gcc12-objc-debuginfo-12.2.1+git416-150000.1.5.1 libada12-12.2.1+git416-150000.1.5.1 libada12-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-12.2.1+git416-150000.1.5.1 libgo21-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 
s390x x86_64): gcc12-d-12.2.1+git416-150000.1.5.1 gcc12-d-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-12.2.1+git416-150000.1.5.1 libgdruntime3-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-12.2.1+git416-150000.1.5.1 libgphobos3-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): gcc12-ada-32bit-12.2.1+git416-150000.1.5.1 gcc12-d-32bit-12.2.1+git416-150000.1.5.1 gcc12-go-32bit-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-objc-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-32bit-12.2.1+git416-150000.1.5.1 libgo21-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): gcc12-ada-12.2.1+git416-150000.1.5.1 gcc12-ada-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-go-12.2.1+git416-150000.1.5.1 gcc12-go-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-objc-12.2.1+git416-150000.1.5.1 gcc12-objc-debuginfo-12.2.1+git416-150000.1.5.1 libada12-12.2.1+git416-150000.1.5.1 libada12-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-12.2.1+git416-150000.1.5.1 libgo21-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 s390x x86_64): gcc12-d-12.2.1+git416-150000.1.5.1 gcc12-d-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-12.2.1+git416-150000.1.5.1 libgdruntime3-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-12.2.1+git416-150000.1.5.1 libgphobos3-debuginfo-12.2.1+git416-150000.1.5.1 - 
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64): gcc12-c++-12.2.1+git416-150000.1.5.1 gcc12-c++-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le): libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): gcc12-ada-32bit-12.2.1+git416-150000.1.5.1 gcc12-d-32bit-12.2.1+git416-150000.1.5.1 gcc12-go-32bit-12.2.1+git416-150000.1.5.1 gcc12-obj-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-objc-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-12.2.1+git416-150000.1.5.1 libada12-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-12.2.1+git416-150000.1.5.1 libgdruntime3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgo21-32bit-12.2.1+git416-150000.1.5.1 libgo21-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-12.2.1+git416-150000.1.5.1 libgphobos3-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (s390x): libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (s390x): libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 
libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cpp12-12.2.1+git416-150000.1.5.1 cpp12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-12.2.1+git416-150000.1.5.1 gcc12-PIE-12.2.1+git416-150000.1.5.1 gcc12-c++-12.2.1+git416-150000.1.5.1 gcc12-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-fortran-12.2.1+git416-150000.1.5.1 gcc12-fortran-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-locale-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): gcc12-info-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): cross-nvptx-gcc12-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.5.1 cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.5.1 gcc12-32bit-12.2.1+git416-150000.1.5.1 gcc12-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-fortran-32bit-12.2.1+git416-150000.1.5.1 gcc12-testresults-12.2.1+git416-150000.1.5.3 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cpp12-12.2.1+git416-150000.1.5.1 cpp12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-12.2.1+git416-150000.1.5.1 gcc12-PIE-12.2.1+git416-150000.1.5.1 
gcc12-c++-12.2.1+git416-150000.1.5.1 gcc12-c++-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 gcc12-fortran-12.2.1+git416-150000.1.5.1 gcc12-fortran-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-locale-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (ppc64le): libstdc++6-locale-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): cross-nvptx-gcc12-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debuginfo-12.2.1+git416-150000.1.5.1 cross-nvptx-gcc12-debugsource-12.2.1+git416-150000.1.5.1 cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.5.1 gcc12-32bit-12.2.1+git416-150000.1.5.1 gcc12-c++-32bit-12.2.1+git416-150000.1.5.1 gcc12-fortran-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc12-info-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 
libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 
libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): gcc12-debuginfo-12.2.1+git416-150000.1.5.1 gcc12-debugsource-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 
libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 
libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 
libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 
libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 
libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 
libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 7 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 7 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 
libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 6 (aarch64): libhwasan0-12.2.1+git416-150000.1.5.1 libhwasan0-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE Enterprise Storage 6 (x86_64): libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 
libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 - SUSE CaaS Platform 4.0 (x86_64): libasan8-12.2.1+git416-150000.1.5.1 libasan8-32bit-12.2.1+git416-150000.1.5.1 libasan8-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libasan8-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-12.2.1+git416-150000.1.5.1 libatomic1-32bit-12.2.1+git416-150000.1.5.1 libatomic1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libatomic1-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 libgcc_s1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgcc_s1-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-12.2.1+git416-150000.1.5.1 libgfortran5-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgfortran5-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-12.2.1+git416-150000.1.5.1 libgomp1-32bit-12.2.1+git416-150000.1.5.1 libgomp1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libgomp1-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-12.2.1+git416-150000.1.5.1 
libitm1-32bit-12.2.1+git416-150000.1.5.1 libitm1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libitm1-debuginfo-12.2.1+git416-150000.1.5.1 liblsan0-12.2.1+git416-150000.1.5.1 liblsan0-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-12.2.1+git416-150000.1.5.1 libobjc4-32bit-12.2.1+git416-150000.1.5.1 libobjc4-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libobjc4-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-12.2.1+git416-150000.1.5.1 libquadmath0-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libquadmath0-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-12.2.1+git416-150000.1.5.1 libstdc++6-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-debuginfo-12.2.1+git416-150000.1.5.1 libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 libstdc++6-locale-12.2.1+git416-150000.1.5.1 libstdc++6-pp-12.2.1+git416-150000.1.5.1 libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 libtsan2-12.2.1+git416-150000.1.5.1 libtsan2-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-12.2.1+git416-150000.1.5.1 libubsan1-32bit-12.2.1+git416-150000.1.5.1 libubsan1-32bit-debuginfo-12.2.1+git416-150000.1.5.1 libubsan1-debuginfo-12.2.1+git416-150000.1.5.1 References: From sle-updates at lists.suse.com Mon Nov 28 20:22:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 21:22:36 +0100 (CET) Subject: SUSE-SU-2022:4260-1: important: Security update for busybox Message-ID: <20221128202236.A835FF46D@maintenance.suse.de> SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4260-1 Rating: important References: #1099260 #914660 Cross-References: CVE-2014-9645 CVE-2018-1000517 CVSS scores: CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc Update to 1.35.0: - awk: fix printf %%, fix read beyond end of buffer - Adjust busybox.config for new features in find, date and cpio - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: "mount -o rw ...." 
should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire "PID,args" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new options added to basename, cpio, date, find, mktemp, wget and others - Adjust busybox.config for new features in find, date and cpio Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4260=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4260=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4260=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4260=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4260=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4260=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4260=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4260=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4260=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4260=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4260=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4260=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4260=1 - SUSE Linux Enterprise 
High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4260=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4260=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4260=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4260=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4260=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4260=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4260=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4260=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Manager Proxy 4.1 (x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): busybox-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): busybox-1.35.0-150000.4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 - SUSE CaaS Platform 4.0 (x86_64): busybox-1.35.0-150000.4.14.1 busybox-static-1.35.0-150000.4.14.1 References: https://www.suse.com/security/cve/CVE-2014-9645.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/914660 From sle-updates at lists.suse.com Mon Nov 28 20:24:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Nov 2022 21:24:35 +0100 (CET) Subject: SUSE-SU-2022:4258-1: important: Security update for python3 Message-ID: <20221128202435.AAA37F46D@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4258-1 Rating: important References: #1205244 Cross-References: CVE-2022-45061 CVSS scores: CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance 
Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4258=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4258=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4258=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4258=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4258=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4258=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4258=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4258=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4258=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper 
in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4258=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4258=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4258=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4258=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4258=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4258=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Manager Proxy 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 
python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 
python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Server 15-LTSS 
(aarch64 s390x): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 
x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 
python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 
python3-tools-3.6.15-150000.3.119.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1 - SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-150000.3.119.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.119.1 python3-3.6.15-150000.3.119.1 python3-base-3.6.15-150000.3.119.1 python3-base-debuginfo-3.6.15-150000.3.119.1 python3-core-debugsource-3.6.15-150000.3.119.1 python3-curses-3.6.15-150000.3.119.1 python3-curses-debuginfo-3.6.15-150000.3.119.1 
python3-dbm-3.6.15-150000.3.119.1 python3-dbm-debuginfo-3.6.15-150000.3.119.1 python3-debuginfo-3.6.15-150000.3.119.1 python3-debugsource-3.6.15-150000.3.119.1 python3-devel-3.6.15-150000.3.119.1 python3-devel-debuginfo-3.6.15-150000.3.119.1 python3-idle-3.6.15-150000.3.119.1 python3-testsuite-3.6.15-150000.3.119.1 python3-tk-3.6.15-150000.3.119.1 python3-tk-debuginfo-3.6.15-150000.3.119.1 python3-tools-3.6.15-150000.3.119.1

References:

   https://www.suse.com/security/cve/CVE-2022-45061.html
   https://bugzilla.suse.com/1205244

From sle-updates at lists.suse.com Mon Nov 28 20:26:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Nov 2022 21:26:50 +0100 (CET)
Subject: SUSE-SU-2022:4259-1: important: Security update for tiff
Message-ID: <20221128202650.6D009F46D@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4259-1
Rating:             important
References:         #1204641 #1204643 #1204644 #1204645 #1205392
Cross-References:   CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970
CVSS scores:
                    CVE-2022-3597 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3597 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3599 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3599 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3626 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3626 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3627 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3627 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3970 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3970 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for tiff fixes the following issues:

   - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
   - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
   - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
   - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
   - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4259=1
   - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4259=1
   - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4259=1
   - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4259=1
   - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4259=1
   - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4259=1
   - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4259=1
   - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4259=1
   - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4259=1
   - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4259=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4259=1
   - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4259=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch
SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4259=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4259=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4259=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4259=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4259=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4259=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4259=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4259=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4259=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4259=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4259=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4259=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4259=1 - SUSE CaaS 
Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - openSUSE Leap 15.4 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - openSUSE Leap 15.3 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Manager Server 4.1 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 
libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Manager Proxy 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): 
libtiff-devel-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 
(aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 
libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Enterprise Storage 7 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 
libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 - SUSE Enterprise Storage 6 (x86_64): libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 - SUSE CaaS Platform 4.0 (x86_64): libtiff-devel-4.0.9-150000.45.19.1 libtiff5-32bit-4.0.9-150000.45.19.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1 libtiff5-4.0.9-150000.45.19.1 libtiff5-debuginfo-4.0.9-150000.45.19.1 tiff-debuginfo-4.0.9-150000.45.19.1 tiff-debugsource-4.0.9-150000.45.19.1 References: https://www.suse.com/security/cve/CVE-2022-3597.html https://www.suse.com/security/cve/CVE-2022-3599.html https://www.suse.com/security/cve/CVE-2022-3626.html https://www.suse.com/security/cve/CVE-2022-3627.html https://www.suse.com/security/cve/CVE-2022-3970.html https://bugzilla.suse.com/1204641 https://bugzilla.suse.com/1204643 https://bugzilla.suse.com/1204644 https://bugzilla.suse.com/1204645 https://bugzilla.suse.com/1205392 From sle-updates at lists.suse.com Tue Nov 29 08:20:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 09:20:57 +0100 (CET) Subject: SUSE-FU-2022:4261-1: moderate: Feature update for libvpd Message-ID: <20221129082057.AFA22F746@maintenance.suse.de> SUSE Feature Update: Feature update for libvpd ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4261-1 Rating: moderate References: SLE-24497 SLE-25107 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 
15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This feature update for libvpd fixes the following issues: libvpd: - New package at version 2.2.9 needed by lsvpd (jsc#SLE-25107, jsc#SLE-24497) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4261=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4261=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4261=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4261=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4261=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4261=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4261=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4261=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4261=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4261=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4261=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4261=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4261=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - openSUSE Leap 15.4 (x86_64): libvpd-2_2-3-32bit-2.2.9-150200.5.3.1 libvpd-2_2-3-32bit-debuginfo-2.2.9-150200.5.3.1 libvpd-devel-32bit-2.2.9-150200.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 
libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - openSUSE Leap 15.3 (x86_64): libvpd-2_2-3-32bit-2.2.9-150200.5.3.1 libvpd-2_2-3-32bit-debuginfo-2.2.9-150200.5.3.1 libvpd-devel-32bit-2.2.9-150200.5.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Manager Proxy 4.1 (x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 
libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libvpd-2_2-3-2.2.9-150200.5.3.1 libvpd-2_2-3-debuginfo-2.2.9-150200.5.3.1 libvpd-base-2.2.9-150200.5.3.1 libvpd-debugsource-2.2.9-150200.5.3.1 libvpd-devel-2.2.9-150200.5.3.1 References: From sle-updates at lists.suse.com Tue Nov 29 08:22:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 09:22:01 +0100 (CET) Subject: SUSE-RU-2022:4262-1: important: Recommended update for lvm2 Message-ID: <20221129082201.29296F746@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4262-1 Rating: important References: #1199074 #1203216 #1203482 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has three recommended fixes 
can now be installed.

Description:

This update for lvm2 fixes the following issues:

- Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- Fix lvmlockd to support sanlock (bsc#1203482)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4262=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4262=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4262=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4262=1
- SUSE Linux Enterprise High Availability 15-SP4:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4262=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
  device-mapper-2.03.05_1.02.163-150400.185.1
  device-mapper-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  liblvm2cmd2_03-2.03.05-150400.185.1
  liblvm2cmd2_03-debuginfo-2.03.05-150400.185.1
  lvm2-2.03.05-150400.185.1
  lvm2-debuginfo-2.03.05-150400.185.1
  lvm2-debugsource-2.03.05-150400.185.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  device-mapper-2.03.05_1.02.163-150400.185.1
  device-mapper-debuginfo-2.03.05_1.02.163-150400.185.1
  device-mapper-devel-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  liblvm2cmd2_03-2.03.05-150400.185.1
  liblvm2cmd2_03-debuginfo-2.03.05-150400.185.1
  lvm2-2.03.05-150400.185.1
  lvm2-debuginfo-2.03.05-150400.185.1
  lvm2-debugsource-2.03.05-150400.185.1
  lvm2-devel-2.03.05-150400.185.1
  lvm2-device-mapper-debugsource-2.03.05-150400.185.1
  lvm2-lockd-2.03.05-150400.185.1
  lvm2-lockd-debuginfo-2.03.05-150400.185.1
  lvm2-lvmlockd-debugsource-2.03.05-150400.185.1
  lvm2-testsuite-2.03.05-150400.185.1
  lvm2-testsuite-debuginfo-2.03.05-150400.185.1
- openSUSE Leap 15.4 (x86_64):
  device-mapper-devel-32bit-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-32bit-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-32bit-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-32bit-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.185.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  device-mapper-2.03.05_1.02.163-150400.185.1
  device-mapper-debuginfo-2.03.05_1.02.163-150400.185.1
  device-mapper-devel-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  liblvm2cmd2_03-2.03.05-150400.185.1
  liblvm2cmd2_03-debuginfo-2.03.05-150400.185.1
  lvm2-2.03.05-150400.185.1
  lvm2-debuginfo-2.03.05-150400.185.1
  lvm2-debugsource-2.03.05-150400.185.1
  lvm2-devel-2.03.05-150400.185.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  libdevmapper1_03-32bit-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.185.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  device-mapper-2.03.05_1.02.163-150400.185.1
  device-mapper-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-2.03.05_1.02.163-150400.185.1
  libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.185.1
  liblvm2cmd2_03-2.03.05-150400.185.1
  liblvm2cmd2_03-debuginfo-2.03.05-150400.185.1
  lvm2-2.03.05-150400.185.1
  lvm2-debuginfo-2.03.05-150400.185.1
  lvm2-debugsource-2.03.05-150400.185.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
  lvm2-lockd-2.03.05-150400.185.1
  lvm2-lockd-debuginfo-2.03.05-150400.185.1
  lvm2-lvmlockd-debugsource-2.03.05-150400.185.1

References:

https://bugzilla.suse.com/1199074
https://bugzilla.suse.com/1203216
https://bugzilla.suse.com/1203482

From sle-updates at lists.suse.com Tue Nov 29 08:27:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:27:26 +0100 (CET)
Subject: SUSE-CU-2022:3204-1: Recommended update of suse/389-ds
Message-ID: <20221129082726.31DC4F746@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3204-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.59 , suse/389-ds:latest
Container Release : 17.59
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:29:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:29:53 +0100 (CET)
Subject: SUSE-CU-2022:3205-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221129082953.423BFF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3205-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-43.5 , bci/dotnet-aspnet:3.1.31 , bci/dotnet-aspnet:3.1.31-43.5
Container Release : 43.5
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:32:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:32:21 +0100 (CET)
Subject: SUSE-CU-2022:3206-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221129083221.A5473F746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3206-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.59 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.59
Container Release : 27.59
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:34:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:34:53 +0100 (CET)
Subject: SUSE-CU-2022:3207-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20221129083453.AF5CCF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3207-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-23.5 , bci/dotnet-aspnet:6.0.11 , bci/dotnet-aspnet:6.0.11-23.5
Container Release : 23.5
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:37:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:37:36 +0100 (CET)
Subject: SUSE-CU-2022:3208-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221129083736.BC5E3F746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3208-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-48.5 , bci/dotnet-sdk:3.1.31 , bci/dotnet-sdk:3.1.31-48.5
Container Release : 48.5
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container
bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:40:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:40:09 +0100 (CET)
Subject: SUSE-CU-2022:3209-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221129084009.7ACB2F746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3209-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.58 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.58
Container Release : 35.58
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:42:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:42:52 +0100 (CET)
Subject: SUSE-CU-2022:3210-1: Recommended update of bci/dotnet-sdk
Message-ID: <20221129084252.36C3FF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3210-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-25.6 , bci/dotnet-sdk:6.0.11 , bci/dotnet-sdk:6.0.11-25.6
Container Release : 25.6
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:45:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:45:33 +0100 (CET)
Subject: SUSE-CU-2022:3211-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221129084533.B299AF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3211-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-49.6 , bci/dotnet-runtime:3.1.31 , bci/dotnet-runtime:3.1.31-49.6
Container Release : 49.6
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- container:sles15-image-15.0.0-27.14.21 updated

From sle-updates at lists.suse.com Tue Nov 29 08:48:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:48:02 +0100 (CET)
Subject: SUSE-CU-2022:3212-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221129084802.8FDDEF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3212-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.57 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.57
Container Release : 34.57
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated

From sle-updates at lists.suse.com Tue Nov 29 08:50:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:50:19 +0100 (CET)
Subject: SUSE-CU-2022:3213-1: Recommended update of bci/dotnet-runtime
Message-ID: <20221129085019.D4CF0F746@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3213-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-22.5 , bci/dotnet-runtime:6.0.11 , bci/dotnet-runtime:6.0.11-22.5
Container Release : 22.5
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated

From sle-updates at lists.suse.com Tue Nov 29 08:54:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:54:21 +0100 (CET)
Subject: SUSE-CU-2022:3214-1: Recommended update of bci/golang
Message-ID: <20221129085421.5EAFCF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3214-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.100
Container Release : 30.100
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libatomic1-12.2.1+git416-150000.1.5.1 updated
- libgomp1-12.2.1+git416-150000.1.5.1 updated
- libitm1-12.2.1+git416-150000.1.5.1 updated
- liblsan0-12.2.1+git416-150000.1.5.1 updated

From sle-updates at lists.suse.com Tue Nov 29 08:57:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 09:57:47 +0100 (CET)
Subject: SUSE-CU-2022:3215-1: Recommended update of bci/golang
Message-ID: <20221129085747.68D0EF746@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3215-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.101
Container Release : 29.101
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4236-1
Released: Fri Nov 25 18:20:32 2022
Summary: Recommended update for linux-glibc-devel
Type: recommended
Severity: moderate
References:

This update for linux-glibc-devel fixes the following issues:

- Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libatomic1-12.2.1+git416-150000.1.5.1 updated
- libgomp1-12.2.1+git416-150000.1.5.1 updated
- libitm1-12.2.1+git416-150000.1.5.1 updated
- liblsan0-12.2.1+git416-150000.1.5.1 updated
- linux-glibc-devel-5.14-150400.6.3.1 updated

From sle-updates at lists.suse.com Tue Nov 29 09:00:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 10:00:37 +0100 (CET)
Subject: SUSE-CU-2022:3216-1: Recommended update of bci/golang
Message-ID: <20221129090037.30EC1F746@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3216-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-18.46
Container Release : 18.46
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libatomic1-12.2.1+git416-150000.1.5.1 updated
- libgomp1-12.2.1+git416-150000.1.5.1 updated
- libitm1-12.2.1+git416-150000.1.5.1 updated
- liblsan0-12.2.1+git416-150000.1.5.1 updated

From sle-updates at lists.suse.com Tue Nov 29 09:00:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 10:00:53 +0100 (CET)
Subject: SUSE-CU-2022:3217-1: Recommended update of bci/bci-micro
Message-ID: <20221129090053.D7483F790@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3217-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.16.2 , bci/bci-micro:latest
Container Release : 16.2
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Tue Nov 29 09:01:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:01:26 +0100 (CET) Subject: SUSE-CU-2022:3218-1: Recommended update of bci/bci-minimal Message-ID: <20221129090126.21DCEF746@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3218-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.16.6 , bci/bci-minimal:latest Container Release : 16.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:micro-image-15.4.0-16.2 updated From sle-updates at lists.suse.com Tue Nov 29 09:03:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:03:27 +0100 (CET) Subject: SUSE-CU-2022:3219-1: Security update of bci/nodejs Message-ID: <20221129090327.75DC2F746@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3219-1 Container Tags : bci/node:14 , bci/node:14-35.43 , bci/nodejs:14 , bci/nodejs:14-35.43 Container Release : 35.43 Severity : important Type : security References : 1205119 CVE-2022-43548 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4255-1 Released: Mon Nov 28 12:30:26 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1205119,CVE-2022-43548 This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). 
- Update to 14.21.0: - src: add --openssl-shared-config option ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nodejs14-14.21.1-150200.15.40.2 updated - npm14-14.21.1-150200.15.40.2 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Tue Nov 29 09:04:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:04:46 +0100 (CET) Subject: SUSE-CU-2022:3220-1: Recommended update of bci/nodejs Message-ID: <20221129090446.8D015F746@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3220-1 Container Tags : bci/node:16 , bci/node:16-11.43 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.43 , bci/nodejs:latest Container Release : 11.43 Severity : moderate Type : recommended 
References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Tue Nov 29 09:08:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:08:28 +0100 (CET) Subject: SUSE-CU-2022:3221-1: Recommended update of bci/openjdk-devel Message-ID: <20221129090828.C4B02F746@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3221-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.94 , bci/openjdk-devel:latest Container Release : 36.94 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:bci-openjdk-11-15.4-32.45 updated From sle-updates at lists.suse.com Tue Nov 29 09:11:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:11:30 +0100 (CET) Subject: SUSE-CU-2022:3222-1: Recommended update of bci/openjdk Message-ID: <20221129091130.9F792F746@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3222-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.45 , bci/openjdk:latest Container Release : 32.45 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Tue Nov 29 09:13:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:13:11 +0100 (CET) Subject: SUSE-CU-2022:3223-1: Recommended update of bci/python Message-ID: <20221129091311.35162F746@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3223-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-8.7 , bci/python:latest Container Release : 8.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Tue Nov 29 09:15:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 10:15:04 +0100 (CET) Subject: SUSE-CU-2022:3224-1: Recommended update of bci/python Message-ID: <20221129091504.253CCF746@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3224-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.6 Container Release : 31.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Tue Nov 29 11:21:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 12:21:03 +0100 (CET) Subject: SUSE-RU-2022:4263-1: important: Recommended update for python-pyperclip Message-ID: <20221129112103.98C54F7A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pyperclip ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4263-1 Rating: important References: #1203743 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 
SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pyperclip fixes the following issues: - Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4263=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4263=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4263=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4263=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4263=1 Package List: - openSUSE Leap 15.4 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 - openSUSE Leap 15.3 (noarch): python2-pyperclip-1.6.0-150000.3.3.1 python3-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise 
Module for Public Cloud 15-SP4 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-pyperclip-1.6.0-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-pyperclip-1.6.0-150000.3.3.1 - SUSE Enterprise Storage 6 (noarch): python3-pyperclip-1.6.0-150000.3.3.1 References: https://bugzilla.suse.com/1203743 From sle-updates at lists.suse.com Tue Nov 29 14:20:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 15:20:17 +0100 (CET) Subject: SUSE-RU-2022:4268-1: moderate: Recommended update for kubernetes1.23 Message-ID: <20221129142017.3BE6CF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes1.23 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4268-1 Rating: moderate References: #1195391 SLE-24655 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has one recommended fix 
and contains one feature can now be installed. Description: This update for kubernetes1.23 fixes the following issues: - Add kubernetes 1.23.9 (bsc#1195391) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4268=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4268=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): kubernetes1.23-client-1.23.9-150300.7.3.5 kubernetes1.23-client-common-1.23.9-150300.7.3.5 - SUSE Linux Enterprise Module for Containers 15-SP4 (ppc64le): kubernetes1.23-client-debuginfo-1.23.9-150300.7.3.5 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): kubernetes1.23-client-1.23.9-150300.7.3.5 kubernetes1.23-client-common-1.23.9-150300.7.3.5 - SUSE Linux Enterprise Module for Containers 15-SP3 (ppc64le): kubernetes1.23-client-debuginfo-1.23.9-150300.7.3.5 References: https://bugzilla.suse.com/1195391 From sle-updates at lists.suse.com Tue Nov 29 14:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 15:21:07 +0100 (CET) Subject: SUSE-SU-2022:4266-1: important: Security update for nginx Message-ID: <20221129142107.BC7B1F790@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4266-1 Rating: important References: #1187685 Cross-References: CVE-2021-3618 CVSS scores: CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise 
Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4266=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4266=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4266=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4266=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4266=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4266=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 - SUSE Enterprise Storage 6 (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE CaaS Platform 4.0 (noarch): nginx-source-1.16.1-150100.6.16.1 - SUSE CaaS Platform 4.0 (x86_64): nginx-1.16.1-150100.6.16.1 nginx-debuginfo-1.16.1-150100.6.16.1 nginx-debugsource-1.16.1-150100.6.16.1 References: https://www.suse.com/security/cve/CVE-2021-3618.html https://bugzilla.suse.com/1187685 From sle-updates at lists.suse.com Tue Nov 29 14:21:55 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 29 Nov 2022 15:21:55 +0100 (CET) Subject: SUSE-RU-2022:4267-1: important: Recommended update for cockpit-tukit and transactional-update Message-ID: <20221129142155.82C36F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for cockpit-tukit and transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4267-1 Rating: important References: #1188215 #1196149 #1197242 #1202147 Affected Products: SUSE Linux Enterprise Micro 5.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cockpit-tukit and transactional-update fixes the following issues: cockpit-tukit: - Add support for dict-format snapshots List - Change help URL to official docs - Fix URIError: malformed URI sequence - Fix filemane+duplications - Hide snapshot item extension part - Update translations transactional-update: - Handle directories owned by multiple packages [gh#openSUSE/transactional-update#90], [bsc#1188215] - Changed "List" method of Snapshot D-Bus interface to return a map of properties instead of a comma separated list of strings; this will allow retrieving the snapshot properties even if they contain a comma in their value (bsc#1202147) - Add documented D-Bus interface definition files - Add header file documentation for SnapshotManager.hpp - Add method to delete snapshot - Allow setting description of snapshot - Fix issue with "shell" prompt after selfupdate - Fix issue with logrotate due to typo in the configuration file - Fix C error and exception handling for snapshots - Fix stack overflow with very long commands / ids (bsc#1196149) - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d - Remove "Snapshot.hpp" as a public API for now - all public functionality is part of 
SnapshotManager.hpp - Use separate mount namespace for chroot, allowing overwriting the bind mounts from the update environment - this could have led to data loss of the bind mount previously - create_dirs_from_rpmdb: Fix handling return code of create_dirs() - create_dirs_from_rpmdb: set SELinux file context of missing directories (bsc#1197242) - create_dirs_from_rpmdb: Give a warning if no default SELinux context found (bsc#1188215) - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4267=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4267=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtukit4-4.0.1-150300.3.8.1 libtukit4-debuginfo-4.0.1-150300.3.8.1 transactional-update-4.0.1-150300.3.8.1 transactional-update-debuginfo-4.0.1-150300.3.8.1 transactional-update-debugsource-4.0.1-150300.3.8.1 tukit-4.0.1-150300.3.8.1 tukit-debuginfo-4.0.1-150300.3.8.1 tukitd-4.0.1-150300.3.8.1 tukitd-debuginfo-4.0.1-150300.3.8.1 - openSUSE Leap Micro 5.2 (noarch): dracut-transactional-update-4.0.1-150300.3.8.1 transactional-update-zypp-config-4.0.1-150300.3.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtukit4-4.0.1-150300.3.8.1 libtukit4-debuginfo-4.0.1-150300.3.8.1 transactional-update-4.0.1-150300.3.8.1 transactional-update-debuginfo-4.0.1-150300.3.8.1 transactional-update-debugsource-4.0.1-150300.3.8.1 tukit-4.0.1-150300.3.8.1 tukit-debuginfo-4.0.1-150300.3.8.1 tukitd-4.0.1-150300.3.8.1 tukitd-debuginfo-4.0.1-150300.3.8.1 - SUSE Linux Enterprise Micro 5.2 (noarch): cockpit-tukit-0.0.3~git14.ff11a9a-150300.1.6.1 dracut-transactional-update-4.0.1-150300.3.8.1 transactional-update-zypp-config-4.0.1-150300.3.8.1 
References: https://bugzilla.suse.com/1188215 https://bugzilla.suse.com/1196149 https://bugzilla.suse.com/1197242 https://bugzilla.suse.com/1202147 From sle-updates at lists.suse.com Tue Nov 29 14:22:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 15:22:59 +0100 (CET) Subject: SUSE-SU-2022:4265-1: important: Security update for nginx Message-ID: <20221129142259.72CCFF790@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4265-1 Rating: important References: #1187685 Cross-References: CVE-2021-3618 CVSS scores: CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4265=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4265=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4265=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4265=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4265=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4265=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4265=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Manager Server 4.1 (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Manager Proxy 4.1 (x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Manager Proxy 4.1 (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server 
15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nginx-source-1.16.1-150200.3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nginx-1.16.1-150200.3.9.1 nginx-debuginfo-1.16.1-150200.3.9.1 nginx-debugsource-1.16.1-150200.3.9.1 - SUSE Enterprise Storage 7 (noarch): nginx-source-1.16.1-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2021-3618.html https://bugzilla.suse.com/1187685 From sle-updates at lists.suse.com Tue Nov 29 17:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:26:31 +0100 (CET) Subject: SUSE-RU-2022:4270-1: moderate: Recommended update for lvm2 Message-ID: <20221129172631.E3551F7A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4270-1 Rating: moderate References: #1198523 #1199074 #1203216 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE 
Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4270=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4270=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4270=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4270=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4270=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4270=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4270=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4270=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4270=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4270=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4270=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4270=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4270=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4270=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4270=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4270=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 
libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 lvm2-device-mapper-debugsource-2.03.05-150200.8.49.1 lvm2-lockd-2.03.05-150200.8.49.1 lvm2-lockd-debuginfo-2.03.05-150200.8.49.1 lvm2-lvmlockd-debugsource-2.03.05-150200.8.49.1 lvm2-testsuite-2.03.05-150200.8.49.1 lvm2-testsuite-debuginfo-2.03.05-150200.8.49.1 - openSUSE Leap 15.3 (x86_64): device-mapper-devel-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 
liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Manager Server 4.1 (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Manager Proxy 4.1 (x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 
device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 
libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 
libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): 
libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-150200.8.49.1 lvm2-lockd-debuginfo-2.03.05-150200.8.49.1 lvm2-lvmlockd-debugsource-2.03.05-150200.8.49.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-150200.8.49.1 lvm2-lockd-debuginfo-2.03.05-150200.8.49.1 lvm2-lvmlockd-debugsource-2.03.05-150200.8.49.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): device-mapper-2.03.05_1.02.163-150200.8.49.1 device-mapper-debuginfo-2.03.05_1.02.163-150200.8.49.1 device-mapper-devel-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.49.1 liblvm2cmd2_03-2.03.05-150200.8.49.1 liblvm2cmd2_03-debuginfo-2.03.05-150200.8.49.1 lvm2-2.03.05-150200.8.49.1 lvm2-debuginfo-2.03.05-150200.8.49.1 lvm2-debugsource-2.03.05-150200.8.49.1 lvm2-devel-2.03.05-150200.8.49.1 - SUSE Enterprise Storage 7 (x86_64): libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.49.1 libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.49.1 References: https://bugzilla.suse.com/1198523 https://bugzilla.suse.com/1199074 https://bugzilla.suse.com/1203216 From sle-updates at lists.suse.com Tue Nov 29 17:27:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:27:53 +0100 (CET) Subject: SUSE-SU-2022:4274-1: important: Security update for python3 Message-ID: <20221129172753.DDA15F7A5@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4274-1 Rating: important References: #1203125 #1204577 Cross-References: CVE-2020-10735 
CVE-2022-37454 CVSS scores: CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4274=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4274=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python36-devel-3.6.15-32.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-32.2 libpython3_6m1_0-debuginfo-3.6.15-32.2 python36-3.6.15-32.2 python36-base-3.6.15-32.2 python36-base-debuginfo-3.6.15-32.2 python36-debuginfo-3.6.15-32.2 python36-debugsource-3.6.15-32.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_6m1_0-32bit-3.6.15-32.2 libpython3_6m1_0-debuginfo-32bit-3.6.15-32.2 References: https://www.suse.com/security/cve/CVE-2020-10735.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1203125 https://bugzilla.suse.com/1204577 From sle-updates at lists.suse.com Tue Nov 29 17:29:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:29:03 +0100 (CET) Subject: SUSE-SU-2022:4272-1: important: Security update for the Linux Kernel Message-ID: <20221129172904.0047DF7A7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4272-1 Rating: important References: #1032323 #1065729 #1198702 #1200788 #1202686 #1202972 #1203098 #1203142 #1203198 #1203254 #1203290 #1203322 #1203387 #1203514 #1203802 #1204166 #1204168 #1204241 #1204354 #1204355 #1204402 #1204415 #1204431 #1204439 #1204479 #1204574 #1204635 #1204646 #1204647 #1204653 #1204755 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 
CVE-2022-3629 CVE-2022-3646 CVE-2022-3649 CVE-2022-40307 CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). 
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-40307: Fixed a race condition that could have been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bnc#1203322). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). 
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802). - ACPI: processor_idle: Skip dummy wait if kernel is in guest (bnc#1203802). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: fix lockup of devices with limited prescaler (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: fix receiver regression (git-fixes). - USB: serial: ch341: reimplement line-speed handling (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: improve locking of mac_filter_hash (git-fixes). 
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972) - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: dsa: mt7530: add the missing RxUnicast MIB counter (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: vxge: fix use-after-free in vxge_device_unregister (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - ppp: Fix generating ifname when empty IFLA_IFNAME is specified (git-fixes). - ppp: Fix generating ppp unit id when ifname is not specified (git-fixes). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - r8169: fix jumbo packet handling on RTL8168e (git-fixes). - s390/guarded storage: simplify task exit handling (bsc#1203254 LTC#199911). 
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203142 LTC#199883). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1203198 LTC#199898). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203254 LTC#199911). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xfs: account finobt blocks properly in perag reservation (bsc#1203387). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: preserve default grace interval during quotacheck (bsc#1203387). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4272=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4272=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4272=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4272=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4272=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.139.1 kernel-default-debugsource-4.12.14-122.139.1 kernel-default-extra-4.12.14-122.139.1 kernel-default-extra-debuginfo-4.12.14-122.139.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.139.1 kernel-obs-build-debugsource-4.12.14-122.139.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.139.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.139.1 kernel-default-base-4.12.14-122.139.1 kernel-default-base-debuginfo-4.12.14-122.139.1 kernel-default-debuginfo-4.12.14-122.139.1 kernel-default-debugsource-4.12.14-122.139.1 kernel-default-devel-4.12.14-122.139.1 kernel-syms-4.12.14-122.139.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.139.1 kernel-macros-4.12.14-122.139.1 kernel-source-4.12.14-122.139.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.139.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.139.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): 
kernel-default-debuginfo-4.12.14-122.139.1 kernel-default-debugsource-4.12.14-122.139.1 kernel-default-kgraft-4.12.14-122.139.1 kernel-default-kgraft-devel-4.12.14-122.139.1 kgraft-patch-4_12_14-122_139-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.139.1 cluster-md-kmp-default-debuginfo-4.12.14-122.139.1 dlm-kmp-default-4.12.14-122.139.1 dlm-kmp-default-debuginfo-4.12.14-122.139.1 gfs2-kmp-default-4.12.14-122.139.1 gfs2-kmp-default-debuginfo-4.12.14-122.139.1 kernel-default-debuginfo-4.12.14-122.139.1 kernel-default-debugsource-4.12.14-122.139.1 ocfs2-kmp-default-4.12.14-122.139.1 ocfs2-kmp-default-debuginfo-4.12.14-122.139.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202972 
https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203142 https://bugzilla.suse.com/1203198 https://bugzilla.suse.com/1203254 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204755 From sle-updates at lists.suse.com Tue Nov 29 17:33:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:33:03 +0100 (CET) Subject: SUSE-SU-2022:4271-1: moderate: Security update for git Message-ID: <20221129173303.367BEF7A7@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4271-1 Rating: moderate References: #1204455 #1204456 Cross-References: CVE-2022-39253 CVE-2022-39260 CVSS scores: CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 ______________________________________________________________________________ An 
update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-4271=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4271=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4271=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-4271=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): git-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.60.1 git-arch-2.26.2-27.60.1 git-core-2.26.2-27.60.1 git-core-debuginfo-2.26.2-27.60.1 git-cvs-2.26.2-27.60.1 git-daemon-2.26.2-27.60.1 git-daemon-debuginfo-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 git-email-2.26.2-27.60.1 git-gui-2.26.2-27.60.1 git-svn-2.26.2-27.60.1 git-svn-debuginfo-2.26.2-27.60.1 git-web-2.26.2-27.60.1 gitk-2.26.2-27.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): git-doc-2.26.2-27.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.60.1 git-core-2.26.2-27.60.1 git-core-debuginfo-2.26.2-27.60.1 git-cvs-2.26.2-27.60.1 git-daemon-2.26.2-27.60.1 git-daemon-debuginfo-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 git-email-2.26.2-27.60.1 git-gui-2.26.2-27.60.1 git-svn-2.26.2-27.60.1 git-web-2.26.2-27.60.1 gitk-2.26.2-27.60.1 - HPE Helion Openstack 8 (x86_64): git-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 References: 
https://www.suse.com/security/cve/CVE-2022-39253.html https://www.suse.com/security/cve/CVE-2022-39260.html https://bugzilla.suse.com/1204455 https://bugzilla.suse.com/1204456 From sle-updates at lists.suse.com Tue Nov 29 17:33:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:33:54 +0100 (CET) Subject: SUSE-RU-2022:4269-1: moderate: Recommended update for cockpit-podman Message-ID: <20221129173354.8D874F7A7@maintenance.suse.de> SUSE Recommended Update: Recommended update for cockpit-podman ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4269-1 Rating: moderate References: SMO-71 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for cockpit-podman fixes the following issues: - Version upgrade from 27.1 to 33 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4269=1 Package List: - SUSE Linux Enterprise Micro 5.2 (noarch): cockpit-podman-33-150300.6.3.1 References: From sle-updates at lists.suse.com Tue Nov 29 17:34:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:34:36 +0100 (CET) Subject: SUSE-SU-2022:4273-1: important: Security update for the Linux Kernel Message-ID: <20221129173436.E6035F7A7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4273-1 Rating: important References: #1032323 #1065729 #1196018 #1198702 #1200788 #1202686 #1202972 #1203098 #1203142 #1203198 #1203254 #1203290 #1203322 #1203387 #1203514 #1203802 #1204166 #1204168 #1204241 #1204354 #1204355 #1204402 #1204415 #1204431 #1204439 #1204479 #1204574 #1204635 #1204646 #1204647 #1204653 #1204755 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3629 CVE-2022-3646 CVE-2022-3649 CVE-2022-40307 CVE-2022-40768 CVE-2022-42703 CVE-2022-43750 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42703 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). 
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-40307: Fixed a race condition that could have been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bnc#1203322). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802). - acpi: processor_idle: Skip dummy wait if kernel is in guest (bnc#1203802). - amd-xgbe: Update DMA coherency values (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: improve locking of mac_filter_hash (git-fixes). 
- input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972) - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: dsa: mt7530: add the missing RxUnicast MIB counter (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: vxge: fix use-after-free in vxge_device_unregister (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - ppp: Fix generating ifname when empty IFLA_IFNAME is specified (git-fixes). 
- ppp: Fix generating ppp unit id when ifname is not specified (git-fixes). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - r8169: fix jumbo packet handling on RTL8168e (git-fixes). - revert "niu: fix missing checks of niu_pci_eeprom_read" (git-fixes). - s390/guarded storage: simplify task exit handling (bsc#1203254 LTC#199911). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203142 LTC#199883). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1203198 LTC#199898). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203254 LTC#199911). - usb: core: Fix RST error in hub.c (git-fixes). - usb: serial: ch341: add basis for quirk detection (git-fixes). - usb: serial: ch341: fix lockup of devices with limited prescaler (git-fixes). - usb: serial: ch341: fix lost character on LCR updates (git-fixes). - usb: serial: ch341: fix receiver regression (git-fixes). - usb: serial: ch341: reimplement line-speed handling (git-fixes). - usb: serial: cp210x: add Decagon UCA device id (git-fixes). - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel EM060K modem (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add support for OPPO R11 diag port (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xfs: account finobt blocks properly in perag reservation (bsc#1203387). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: preserve default grace interval during quotacheck (bsc#1203387). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). 
- xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4273=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.115.1 kernel-azure-base-4.12.14-16.115.1 kernel-azure-base-debuginfo-4.12.14-16.115.1 kernel-azure-debuginfo-4.12.14-16.115.1 kernel-azure-debugsource-4.12.14-16.115.1 kernel-azure-devel-4.12.14-16.115.1 kernel-syms-azure-4.12.14-16.115.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.115.1 kernel-source-azure-4.12.14-16.115.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html 
https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202972 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203142 https://bugzilla.suse.com/1203198 https://bugzilla.suse.com/1203254 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203387 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204755 From sle-updates at lists.suse.com Tue Nov 29 17:39:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:39:52 +0100 (CET) Subject: SUSE-SU-2022:4276-1: important: Security update for exiv2 Message-ID: <20221129173952.07D16F7A7@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4276-1 Rating: important References: #1050257 #1095070 #1110282 #1119559 #1119560 
#1119562 #1142677 #1142678 #1153577 #1186231 #1189337 Cross-References: CVE-2017-11591 CVE-2018-11531 CVE-2018-17581 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2019-13109 CVE-2019-13110 CVE-2019-17402 CVE-2021-29473 CVE-2021-32815 CVSS scores: CVE-2017-11591 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11591 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11531 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-11531 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-17581 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17581 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20097 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20097 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20098 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20098 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20099 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20099 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-13109 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13109 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13110 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13110 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-17402 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29473 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-29473 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32815 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denial of service (bsc#1142678). - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2019-17402: Fixed an improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2021-32815: Fixed a denial of service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). 
- CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4276=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4276=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4276=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4276=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4276=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4276=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4276=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4276=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4276=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4276=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4276=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4276=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4276=1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4276=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4276=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4276=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4276=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4276=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4276=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4276=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4276=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.26.1 exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 libexiv2-doc-0.26-150000.6.26.1 - openSUSE Leap 15.3 (noarch): exiv2-lang-0.26-150000.6.26.1 - openSUSE Leap 15.3 (x86_64): libexiv2-26-32bit-0.26-150000.6.26.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.26.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Manager Proxy 4.1 (x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.26.1 
exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 
exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 - SUSE CaaS Platform 4.0 (x86_64): exiv2-debuginfo-0.26-150000.6.26.1 exiv2-debugsource-0.26-150000.6.26.1 libexiv2-26-0.26-150000.6.26.1 libexiv2-26-debuginfo-0.26-150000.6.26.1 libexiv2-devel-0.26-150000.6.26.1 References: https://www.suse.com/security/cve/CVE-2017-11591.html https://www.suse.com/security/cve/CVE-2018-11531.html https://www.suse.com/security/cve/CVE-2018-17581.html https://www.suse.com/security/cve/CVE-2018-20097.html https://www.suse.com/security/cve/CVE-2018-20098.html https://www.suse.com/security/cve/CVE-2018-20099.html https://www.suse.com/security/cve/CVE-2019-13109.html 
https://www.suse.com/security/cve/CVE-2019-13110.html https://www.suse.com/security/cve/CVE-2019-17402.html https://www.suse.com/security/cve/CVE-2021-29473.html https://www.suse.com/security/cve/CVE-2021-32815.html https://bugzilla.suse.com/1050257 https://bugzilla.suse.com/1095070 https://bugzilla.suse.com/1110282 https://bugzilla.suse.com/1119559 https://bugzilla.suse.com/1119560 https://bugzilla.suse.com/1119562 https://bugzilla.suse.com/1142677 https://bugzilla.suse.com/1142678 https://bugzilla.suse.com/1153577 https://bugzilla.suse.com/1186231 https://bugzilla.suse.com/1189337 From sle-updates at lists.suse.com Tue Nov 29 17:42:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:42:14 +0100 (CET) Subject: SUSE-SU-2022:4275-1: important: Security update for python Message-ID: <20221129174214.6A8F4F7B8@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4275-1 Rating: important References: #1202666 #1205244 Cross-References: CVE-2022-45061 CVSS scores: CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python fixes the following issues: - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). 
The following non-security bug was fixed: - Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4275=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4275=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4275=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4275=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4275=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4275=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython2_7-1_0-2.7.18-33.17.1 libpython2_7-1_0-32bit-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.17.1 python-2.7.18-33.17.1 python-32bit-2.7.18-33.17.1 python-base-2.7.18-33.17.1 python-base-32bit-2.7.18-33.17.1 python-base-debuginfo-2.7.18-33.17.1 python-base-debuginfo-32bit-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-curses-2.7.18-33.17.1 python-curses-debuginfo-2.7.18-33.17.1 python-debuginfo-2.7.18-33.17.1 python-debuginfo-32bit-2.7.18-33.17.1 python-debugsource-2.7.18-33.17.1 python-demo-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 python-gdbm-2.7.18-33.17.1 python-gdbm-debuginfo-2.7.18-33.17.1 python-idle-2.7.18-33.17.1 python-tk-2.7.18-33.17.1 python-tk-debuginfo-2.7.18-33.17.1 python-xml-2.7.18-33.17.1 python-xml-debuginfo-2.7.18-33.17.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): python-doc-2.7.18-33.17.1 python-doc-pdf-2.7.18-33.17.1 - SUSE OpenStack Cloud 9 (noarch): python-doc-2.7.18-33.17.1 
python-doc-pdf-2.7.18-33.17.1 - SUSE OpenStack Cloud 9 (x86_64): libpython2_7-1_0-2.7.18-33.17.1 libpython2_7-1_0-32bit-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.17.1 python-2.7.18-33.17.1 python-32bit-2.7.18-33.17.1 python-base-2.7.18-33.17.1 python-base-32bit-2.7.18-33.17.1 python-base-debuginfo-2.7.18-33.17.1 python-base-debuginfo-32bit-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-curses-2.7.18-33.17.1 python-curses-debuginfo-2.7.18-33.17.1 python-debuginfo-2.7.18-33.17.1 python-debuginfo-32bit-2.7.18-33.17.1 python-debugsource-2.7.18-33.17.1 python-demo-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 python-gdbm-2.7.18-33.17.1 python-gdbm-debuginfo-2.7.18-33.17.1 python-idle-2.7.18-33.17.1 python-tk-2.7.18-33.17.1 python-tk-debuginfo-2.7.18-33.17.1 python-xml-2.7.18-33.17.1 python-xml-debuginfo-2.7.18-33.17.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython2_7-1_0-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-2.7.18-33.17.1 python-2.7.18-33.17.1 python-base-2.7.18-33.17.1 python-base-debuginfo-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-curses-2.7.18-33.17.1 python-curses-debuginfo-2.7.18-33.17.1 python-debuginfo-2.7.18-33.17.1 python-debugsource-2.7.18-33.17.1 python-demo-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 python-gdbm-2.7.18-33.17.1 python-gdbm-debuginfo-2.7.18-33.17.1 python-idle-2.7.18-33.17.1 python-tk-2.7.18-33.17.1 python-tk-debuginfo-2.7.18-33.17.1 python-xml-2.7.18-33.17.1 python-xml-debuginfo-2.7.18-33.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-doc-2.7.18-33.17.1 python-doc-pdf-2.7.18-33.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpython2_7-1_0-32bit-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.17.1 
python-32bit-2.7.18-33.17.1 python-base-32bit-2.7.18-33.17.1 python-base-debuginfo-32bit-2.7.18-33.17.1 python-debuginfo-32bit-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-2.7.18-33.17.1 python-2.7.18-33.17.1 python-base-2.7.18-33.17.1 python-base-debuginfo-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-curses-2.7.18-33.17.1 python-curses-debuginfo-2.7.18-33.17.1 python-debuginfo-2.7.18-33.17.1 python-debugsource-2.7.18-33.17.1 python-demo-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 python-gdbm-2.7.18-33.17.1 python-gdbm-debuginfo-2.7.18-33.17.1 python-idle-2.7.18-33.17.1 python-tk-2.7.18-33.17.1 python-tk-debuginfo-2.7.18-33.17.1 python-xml-2.7.18-33.17.1 python-xml-debuginfo-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.17.1 python-32bit-2.7.18-33.17.1 python-base-32bit-2.7.18-33.17.1 python-base-debuginfo-32bit-2.7.18-33.17.1 python-debuginfo-32bit-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.18-33.17.1 python-doc-pdf-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.17.1 libpython2_7-1_0-debuginfo-2.7.18-33.17.1 python-2.7.18-33.17.1 python-base-2.7.18-33.17.1 python-base-debuginfo-2.7.18-33.17.1 python-base-debugsource-2.7.18-33.17.1 python-curses-2.7.18-33.17.1 python-curses-debuginfo-2.7.18-33.17.1 python-debuginfo-2.7.18-33.17.1 python-debugsource-2.7.18-33.17.1 python-demo-2.7.18-33.17.1 python-devel-2.7.18-33.17.1 python-gdbm-2.7.18-33.17.1 python-gdbm-debuginfo-2.7.18-33.17.1 python-idle-2.7.18-33.17.1 python-tk-2.7.18-33.17.1 python-tk-debuginfo-2.7.18-33.17.1 python-xml-2.7.18-33.17.1 python-xml-debuginfo-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.17.1 
libpython2_7-1_0-debuginfo-32bit-2.7.18-33.17.1 python-32bit-2.7.18-33.17.1 python-base-32bit-2.7.18-33.17.1 python-base-debuginfo-32bit-2.7.18-33.17.1 python-debuginfo-32bit-2.7.18-33.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-doc-2.7.18-33.17.1 python-doc-pdf-2.7.18-33.17.1 References: https://www.suse.com/security/cve/CVE-2022-45061.html https://bugzilla.suse.com/1202666 https://bugzilla.suse.com/1205244 From sle-updates at lists.suse.com Tue Nov 29 17:43:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:43:34 +0100 (CET) Subject: SUSE-SU-2022:4277-1: important: Security update for binutils Message-ID: <20221129174334.EC5A8F7B8@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4277-1 Rating: important References: #1142579 #1185597 #1185712 #1188374 #1191473 #1191908 #1193929 #1194783 #1197592 #1198237 #1198458 #1202816 #1202966 #1202967 #1202969 PED-2029 PED-2030 PED-2031 PED-2032 PED-2033 PED-2034 PED-2035 PED-2038 SLE-25046 SLE-25047 Cross-References: CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 CVSS scores: CVE-2019-1010204 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-1010204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3530 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3530 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3648 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3826 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3826 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2021-45078 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45078 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46195 
(NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-46195 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-27943 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-27943 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38126 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38127 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38533 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38533 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains 10 features and has 5 fixes is now available. Description: This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). 
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
  * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification.
  * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value.
  * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links.
  * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well.
- Update to 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils (bsc#1198458).
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to "warn" will generate a warning message whenever any multibyte character is encountered. Using the option to "warn-sym-only" will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
  * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section.
  * Add support for the LoongArch architecture.
  * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation.
  * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes.
- Fixed regression that prevented .ko.debug from being loaded in crash tool (bsc#1191908).
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4277=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4277=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4277=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4277=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4277=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4277=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4277=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4277=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE OpenStack Cloud 9 (x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 binutils-gold-2.39-9.50.1 binutils-gold-debuginfo-2.39-9.50.1 cross-ppc-binutils-2.39-9.50.1 cross-ppc-binutils-debuginfo-2.39-9.50.1 cross-ppc-binutils-debugsource-2.39-9.50.1 cross-spu-binutils-2.39-9.50.1 cross-spu-binutils-debuginfo-2.39-9.50.1 cross-spu-binutils-debugsource-2.39-9.50.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 
binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): binutils-2.39-9.50.1 binutils-debuginfo-2.39-9.50.1 binutils-debugsource-2.39-9.50.1 binutils-devel-2.39-9.50.1 libctf-nobfd0-2.39-9.50.1 libctf-nobfd0-debuginfo-2.39-9.50.1 libctf0-2.39-9.50.1 libctf0-debuginfo-2.39-9.50.1 References: https://www.suse.com/security/cve/CVE-2019-1010204.html https://www.suse.com/security/cve/CVE-2021-3530.html https://www.suse.com/security/cve/CVE-2021-3648.html https://www.suse.com/security/cve/CVE-2021-3826.html https://www.suse.com/security/cve/CVE-2021-45078.html https://www.suse.com/security/cve/CVE-2021-46195.html https://www.suse.com/security/cve/CVE-2022-27943.html https://www.suse.com/security/cve/CVE-2022-38126.html https://www.suse.com/security/cve/CVE-2022-38127.html https://www.suse.com/security/cve/CVE-2022-38533.html https://bugzilla.suse.com/1142579 https://bugzilla.suse.com/1185597 https://bugzilla.suse.com/1185712 
https://bugzilla.suse.com/1188374 https://bugzilla.suse.com/1191473 https://bugzilla.suse.com/1191908 https://bugzilla.suse.com/1193929 https://bugzilla.suse.com/1194783 https://bugzilla.suse.com/1197592 https://bugzilla.suse.com/1198237 https://bugzilla.suse.com/1198458 https://bugzilla.suse.com/1202816 https://bugzilla.suse.com/1202966 https://bugzilla.suse.com/1202967 https://bugzilla.suse.com/1202969 From sle-updates at lists.suse.com Tue Nov 29 17:46:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:46:47 +0100 (CET) Subject: SUSE-SU-2022:4278-1: moderate: Security update for supportutils Message-ID: <20221129174648.00E69F7A5@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4278-1 Rating: moderate References: #1184689 #1188086 #1192252 #1192648 #1197428 #1200330 #1202269 #1202337 #1202417 #1203818 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that contains security fixes can 
now be installed. Description: This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4278=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4278=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4278=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4278=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4278=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4278=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4278=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4278=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4278=1 Package List: - openSUSE Leap Micro 5.3 (noarch): supportutils-3.1.21-150300.7.35.15.1 - openSUSE Leap Micro 5.2 (noarch): supportutils-3.1.21-150300.7.35.15.1 - openSUSE Leap 15.4 (noarch): 
supportutils-3.1.21-150300.7.35.15.1 - openSUSE Leap 15.3 (noarch): supportutils-3.1.21-150300.7.35.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): supportutils-3.1.21-150300.7.35.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): supportutils-3.1.21-150300.7.35.15.1 - SUSE Linux Enterprise Micro 5.3 (noarch): supportutils-3.1.21-150300.7.35.15.1 - SUSE Linux Enterprise Micro 5.2 (noarch): supportutils-3.1.21-150300.7.35.15.1 - SUSE Linux Enterprise Micro 5.1 (noarch): supportutils-3.1.21-150300.7.35.15.1 References: https://bugzilla.suse.com/1184689 https://bugzilla.suse.com/1188086 https://bugzilla.suse.com/1192252 https://bugzilla.suse.com/1192648 https://bugzilla.suse.com/1197428 https://bugzilla.suse.com/1200330 https://bugzilla.suse.com/1202269 https://bugzilla.suse.com/1202337 https://bugzilla.suse.com/1202417 https://bugzilla.suse.com/1203818 From sle-updates at lists.suse.com Tue Nov 29 17:48:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:48:25 +0100 (CET) Subject: SUSE-SU-2022:4279-1: moderate: Security update for systemd Message-ID: <20221129174825.2F950F7A5@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4279-1 Rating: moderate References: #1197244 #1198507 #1204968 Cross-References: CVE-2022-3821 CVSS scores: CVE-2022-3821 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3821 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234 * 20743c1a44 logind: fix crash in logind on user-specified message string * b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent * 2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call * 3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507) * 4b56c3540a parse-util: introduce pid_is_valid() * aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4279=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4279=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.43.2 systemd-debuginfo-228-157.43.2 systemd-debugsource-228-157.43.2 systemd-devel-228-157.43.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.43.2 libsystemd0-debuginfo-228-157.43.2 libudev-devel-228-157.43.2 libudev1-228-157.43.2 libudev1-debuginfo-228-157.43.2 systemd-228-157.43.2 systemd-debuginfo-228-157.43.2 systemd-debugsource-228-157.43.2 systemd-devel-228-157.43.2 systemd-sysvinit-228-157.43.2 udev-228-157.43.2 udev-debuginfo-228-157.43.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.43.2 libsystemd0-debuginfo-32bit-228-157.43.2 libudev1-32bit-228-157.43.2 libudev1-debuginfo-32bit-228-157.43.2 
systemd-32bit-228-157.43.2 systemd-debuginfo-32bit-228-157.43.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.43.2 References: https://www.suse.com/security/cve/CVE-2022-3821.html https://bugzilla.suse.com/1197244 https://bugzilla.suse.com/1198507 https://bugzilla.suse.com/1204968 From sle-updates at lists.suse.com Tue Nov 29 17:49:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:49:19 +0100 (CET) Subject: SUSE-SU-2022:4280-1: important: Security update for sudo Message-ID: <20221129174919.AE0A2F7A5@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4280-1 Rating: important References: #1197998 #1203201 #1204986 Cross-References: CVE-2022-43995 CVSS scores: CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sudo fixes the following issues: Security fixes: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Other: - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). - Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4280=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4280=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.30.1 sudo-debugsource-1.8.27-4.30.1 sudo-devel-1.8.27-4.30.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.30.1 sudo-debuginfo-1.8.27-4.30.1 sudo-debugsource-1.8.27-4.30.1 References: https://www.suse.com/security/cve/CVE-2022-43995.html https://bugzilla.suse.com/1197998 https://bugzilla.suse.com/1203201 https://bugzilla.suse.com/1204986 From sle-updates at lists.suse.com Tue Nov 29 17:50:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 18:50:40 +0100 (CET) Subject: SUSE-SU-2022:4281-1: important: Security update for python3 Message-ID: <20221129175040.5EB3DF7A5@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4281-1 Rating: important References: #1188607 #1203125 #1204577 Cross-References: CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 CVSS scores: CVE-2019-18348 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-18348 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-8492 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-8492 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 
7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4281=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4281=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4281=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4281=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4281=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4281=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4281=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4281=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4281=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4281=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 
python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-curses-3.6.15-150300.10.37.2 python3-curses-debuginfo-3.6.15-150300.10.37.2 python3-dbm-3.6.15-150300.10.37.2 python3-dbm-debuginfo-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 python3-devel-3.6.15-150300.10.37.2 python3-devel-debuginfo-3.6.15-150300.10.37.2 python3-doc-3.6.15-150300.10.37.1 python3-doc-devhelp-3.6.15-150300.10.37.1 python3-idle-3.6.15-150300.10.37.2 python3-testsuite-3.6.15-150300.10.37.2 python3-testsuite-debuginfo-3.6.15-150300.10.37.2 python3-tk-3.6.15-150300.10.37.2 python3-tk-debuginfo-3.6.15-150300.10.37.2 python3-tools-3.6.15-150300.10.37.2 - openSUSE Leap 15.4 (x86_64): libpython3_6m1_0-32bit-3.6.15-150300.10.37.2 libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.37.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-curses-3.6.15-150300.10.37.2 python3-curses-debuginfo-3.6.15-150300.10.37.2 python3-dbm-3.6.15-150300.10.37.2 python3-dbm-debuginfo-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 python3-devel-3.6.15-150300.10.37.2 python3-devel-debuginfo-3.6.15-150300.10.37.2 python3-doc-3.6.15-150300.10.37.1 python3-doc-devhelp-3.6.15-150300.10.37.1 python3-idle-3.6.15-150300.10.37.2 python3-testsuite-3.6.15-150300.10.37.2 python3-testsuite-debuginfo-3.6.15-150300.10.37.2 python3-tk-3.6.15-150300.10.37.2 python3-tk-debuginfo-3.6.15-150300.10.37.2 python3-tools-3.6.15-150300.10.37.2 - openSUSE Leap 15.3 (x86_64): libpython3_6m1_0-32bit-3.6.15-150300.10.37.2 libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Module for 
Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.15-150300.10.37.2 python3-tools-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.15-150300.10.37.2 python3-tools-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-curses-3.6.15-150300.10.37.2 python3-curses-debuginfo-3.6.15-150300.10.37.2 python3-dbm-3.6.15-150300.10.37.2 python3-dbm-debuginfo-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 python3-devel-3.6.15-150300.10.37.2 python3-devel-debuginfo-3.6.15-150300.10.37.2 python3-idle-3.6.15-150300.10.37.2 python3-tk-3.6.15-150300.10.37.2 python3-tk-debuginfo-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-curses-3.6.15-150300.10.37.2 python3-curses-debuginfo-3.6.15-150300.10.37.2 python3-dbm-3.6.15-150300.10.37.2 python3-dbm-debuginfo-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 python3-devel-3.6.15-150300.10.37.2 python3-devel-debuginfo-3.6.15-150300.10.37.2 python3-idle-3.6.15-150300.10.37.2 python3-tk-3.6.15-150300.10.37.2 python3-tk-debuginfo-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 
python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.37.2 libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2 python3-3.6.15-150300.10.37.2 python3-base-3.6.15-150300.10.37.2 python3-base-debuginfo-3.6.15-150300.10.37.2 python3-core-debugsource-3.6.15-150300.10.37.2 python3-debuginfo-3.6.15-150300.10.37.2 python3-debugsource-3.6.15-150300.10.37.2 References: https://www.suse.com/security/cve/CVE-2019-18348.html https://www.suse.com/security/cve/CVE-2020-10735.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2022-37454.html https://bugzilla.suse.com/1188607 https://bugzilla.suse.com/1203125 https://bugzilla.suse.com/1204577 From sle-updates at lists.suse.com Tue Nov 29 20:22:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:22:50 +0100 (CET) Subject: SUSE-SU-2022:4293-1: moderate: Security update for freerdp Message-ID: <20221129202250.5F00AF7A5@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4293-1 Rating: moderate References: #1205563 #1205564 Cross-References: CVE-2022-39318 CVE-2022-39319 CVSS scores: CVE-2022-39318 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-39318 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-39319 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-39319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software 
Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563). - CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4293=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4293=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.32.1 freerdp-debuginfo-2.1.2-12.32.1 freerdp-debugsource-2.1.2-12.32.1 freerdp-proxy-2.1.2-12.32.1 freerdp-server-2.1.2-12.32.1 libfreerdp2-2.1.2-12.32.1 libfreerdp2-debuginfo-2.1.2-12.32.1 libwinpr2-2.1.2-12.32.1 libwinpr2-debuginfo-2.1.2-12.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.32.1 freerdp-debugsource-2.1.2-12.32.1 freerdp-devel-2.1.2-12.32.1 libfreerdp2-2.1.2-12.32.1 libfreerdp2-debuginfo-2.1.2-12.32.1 libwinpr2-2.1.2-12.32.1 libwinpr2-debuginfo-2.1.2-12.32.1 winpr2-devel-2.1.2-12.32.1 References: https://www.suse.com/security/cve/CVE-2022-39318.html https://www.suse.com/security/cve/CVE-2022-39319.html https://bugzilla.suse.com/1205563 https://bugzilla.suse.com/1205564 From sle-updates at lists.suse.com Tue Nov 29 20:23:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:23:44 +0100 (CET) Subject: SUSE-RU-2022:4286-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: 
<20221129202344.69FA3F7A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4286-1 Rating: moderate References: #1191546 #1198980 #1201298 #1204729 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other issues fixed: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Hopefully export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4286=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4286=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4286=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4286=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4286=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4286=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4286=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4286=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 
mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 
libsoftokn3-hmac-3.79.2-58.83.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): 
libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nspr-devel-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-devel-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP3-BCL 
(x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.79.2-58.83.2 libfreebl3-32bit-3.79.2-58.83.2 libfreebl3-debuginfo-3.79.2-58.83.2 libfreebl3-debuginfo-32bit-3.79.2-58.83.2 libfreebl3-hmac-3.79.2-58.83.2 libfreebl3-hmac-32bit-3.79.2-58.83.2 libsoftokn3-3.79.2-58.83.2 libsoftokn3-32bit-3.79.2-58.83.2 libsoftokn3-debuginfo-3.79.2-58.83.2 libsoftokn3-debuginfo-32bit-3.79.2-58.83.2 libsoftokn3-hmac-3.79.2-58.83.2 libsoftokn3-hmac-32bit-3.79.2-58.83.2 mozilla-nspr-32bit-4.34.1-19.26.2 mozilla-nspr-4.34.1-19.26.2 mozilla-nspr-debuginfo-32bit-4.34.1-19.26.2 mozilla-nspr-debuginfo-4.34.1-19.26.2 mozilla-nspr-debugsource-4.34.1-19.26.2 mozilla-nss-3.79.2-58.83.2 mozilla-nss-32bit-3.79.2-58.83.2 mozilla-nss-certs-3.79.2-58.83.2 mozilla-nss-certs-32bit-3.79.2-58.83.2 
mozilla-nss-certs-debuginfo-3.79.2-58.83.2 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debuginfo-3.79.2-58.83.2 mozilla-nss-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-debugsource-3.79.2-58.83.2 mozilla-nss-sysinit-3.79.2-58.83.2 mozilla-nss-sysinit-32bit-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-3.79.2-58.83.2 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.83.2 mozilla-nss-tools-3.79.2-58.83.2 mozilla-nss-tools-debuginfo-3.79.2-58.83.2 References: https://bugzilla.suse.com/1191546 https://bugzilla.suse.com/1198980 https://bugzilla.suse.com/1201298 https://bugzilla.suse.com/1204729 From sle-updates at lists.suse.com Tue Nov 29 20:24:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:24:51 +0100 (CET) Subject: SUSE-SU-2022:4288-1: Security update for opencc Message-ID: <20221129202451.99BA6F7A5@maintenance.suse.de> SUSE Security Update: Security update for opencc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4288-1 Rating: low References: #1108310 Cross-References: CVE-2018-16982 CVSS scores: CVE-2018-16982 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16982 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for opencc fixes the following issues: - CVE-2018-16982: Fixed out-of-bounds keyOffset and valueOffset values in BinaryDict.cpp. (bsc#1108310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4288=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4288=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      opencc-debuginfo-1.0.3-5.3.1
      opencc-devel-1.0.3-5.3.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libopencc2-1.0.3-5.3.1
      opencc-1.0.3-5.3.1
      opencc-data-1.0.3-5.3.1
      opencc-debuginfo-1.0.3-5.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-16982.html
   https://bugzilla.suse.com/1108310

From sle-updates at lists.suse.com Tue Nov 29 20:26:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:26:43 +0100 (CET)
Subject: SUSE-SU-2022:4282-1: important: Security update for vim
Message-ID: <20221129202643.911BDF7A5@maintenance.suse.de>

   SUSE Security Update: Security update for vim
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4282-1
Rating: important
References: #1192478 #1202962 #1203110 #1203152 #1203155 #1203194 #1203272 #1203508 #1203509 #1203796 #1203797 #1203799 #1203820 #1203924 #1204779
Cross-References: CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705
CVSS scores:
   CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3928 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
   CVE-2022-2980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2022-2980 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-2982 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-2982 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3037 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3099 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3099 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2022-3134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3134 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2022-3153 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2022-3234 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3235 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3235 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3278 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2022-3278 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3296 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3296 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
   CVE-2022-3297 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3297 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
   CVE-2022-3324 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3324 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3352 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3352 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2022-3705 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-3705 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
   SUSE Linux Enterprise Module for Desktop Applications 15-SP4
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.2
   openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   This update for vim fixes the following issues:

   Updated to version 9.0 with patch level 0814:

   - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
   - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
   - CVE-2022-3235: Fixed use-after-free (bsc#1203509).
   - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
   - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
   - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
   - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
   - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
   - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
   - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
   - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
   - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
   - CVE-2022-3352: Fixed use-after-free (bsc#1203924).
   - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
   - CVE-2022-3037: Fixed use-after-free (bsc#1202962).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:
      zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4282=1
   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4282=1
   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4282=1
   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-4282=1
   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4282=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4282=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4282=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4282=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4282=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4282=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4282=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4282=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4282=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4282=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4282=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4282=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4282=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4282=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4282=1
   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-4282=1
   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4282=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4282=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4282=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-4282=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-4282=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap Micro 5.3 (aarch64 x86_64):
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
      vim-small-9.0.0814-150000.5.28.1
      vim-small-debuginfo-9.0.0814-150000.5.28.1
   - openSUSE Leap Micro 5.3 (noarch):
      vim-data-common-9.0.0814-150000.5.28.1
   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
      vim-small-9.0.0814-150000.5.28.1
      vim-small-debuginfo-9.0.0814-150000.5.28.1
   - openSUSE Leap Micro 5.2 (noarch):
      vim-data-common-9.0.0814-150000.5.28.1
   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
      vim-small-9.0.0814-150000.5.28.1
      vim-small-debuginfo-9.0.0814-150000.5.28.1
   - openSUSE Leap 15.4 (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1
   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
      vim-small-9.0.0814-150000.5.28.1
      vim-small-debuginfo-9.0.0814-150000.5.28.1
   - openSUSE Leap 15.3 (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1
   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Manager Server 4.1 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Manager Retail Branch Server 4.1 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Manager Proxy 4.1 (x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Manager Proxy 4.1 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): 
gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 
(aarch64 ppc64le s390x x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 vim-small-9.0.0814-150000.5.28.1 vim-small-debuginfo-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 vim-small-9.0.0814-150000.5.28.1 vim-small-debuginfo-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 vim-small-9.0.0814-150000.5.28.1 vim-small-debuginfo-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.3 (noarch): vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 vim-small-9.0.0814-150000.5.28.1 vim-small-debuginfo-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 vim-small-9.0.0814-150000.5.28.1 vim-small-debuginfo-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 
vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 vim-debuginfo-9.0.0814-150000.5.28.1 vim-debugsource-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): vim-data-9.0.0814-150000.5.28.1 vim-data-common-9.0.0814-150000.5.28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gvim-9.0.0814-150000.5.28.1 gvim-debuginfo-9.0.0814-150000.5.28.1 vim-9.0.0814-150000.5.28.1 
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
   - SUSE Enterprise Storage 7 (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
   - SUSE Enterprise Storage 6 (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1
   - SUSE CaaS Platform 4.0 (x86_64):
      gvim-9.0.0814-150000.5.28.1
      gvim-debuginfo-9.0.0814-150000.5.28.1
      vim-9.0.0814-150000.5.28.1
      vim-debuginfo-9.0.0814-150000.5.28.1
      vim-debugsource-9.0.0814-150000.5.28.1
   - SUSE CaaS Platform 4.0 (noarch):
      vim-data-9.0.0814-150000.5.28.1
      vim-data-common-9.0.0814-150000.5.28.1

References:

   https://www.suse.com/security/cve/CVE-2021-3928.html
   https://www.suse.com/security/cve/CVE-2022-2980.html
   https://www.suse.com/security/cve/CVE-2022-2982.html
   https://www.suse.com/security/cve/CVE-2022-3037.html
   https://www.suse.com/security/cve/CVE-2022-3099.html
   https://www.suse.com/security/cve/CVE-2022-3134.html
   https://www.suse.com/security/cve/CVE-2022-3153.html
   https://www.suse.com/security/cve/CVE-2022-3234.html
   https://www.suse.com/security/cve/CVE-2022-3235.html
   https://www.suse.com/security/cve/CVE-2022-3278.html
   https://www.suse.com/security/cve/CVE-2022-3296.html
   https://www.suse.com/security/cve/CVE-2022-3297.html
   https://www.suse.com/security/cve/CVE-2022-3324.html
   https://www.suse.com/security/cve/CVE-2022-3352.html
   https://www.suse.com/security/cve/CVE-2022-3705.html
   https://bugzilla.suse.com/1192478
   https://bugzilla.suse.com/1202962
   https://bugzilla.suse.com/1203110
   https://bugzilla.suse.com/1203152
   https://bugzilla.suse.com/1203155
   https://bugzilla.suse.com/1203194
   https://bugzilla.suse.com/1203272
   https://bugzilla.suse.com/1203508
   https://bugzilla.suse.com/1203509
   https://bugzilla.suse.com/1203796
   https://bugzilla.suse.com/1203797
   https://bugzilla.suse.com/1203799
   https://bugzilla.suse.com/1203820
   https://bugzilla.suse.com/1203924
   https://bugzilla.suse.com/1204779

From sle-updates at lists.suse.com Tue Nov 29 20:29:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:29:37 +0100 (CET)
Subject: SUSE-RU-2022:4291-1: moderate: Recommended update for busybox-links
Message-ID: <20221129202937.7149EF7A5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for busybox-links
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4291-1
Rating: moderate
References:
Affected Products:
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update rebuilds busybox-links to match the current busybox version.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-4291=1

Package List:

   - openSUSE Leap 15.4 (noarch):
      busybox-adduser-1.35.0-150400.4.2.1
      busybox-attr-1.35.0-150400.4.2.1
      busybox-bc-1.35.0-150400.4.2.1
      busybox-bind-utils-1.35.0-150400.4.2.1
      busybox-bzip2-1.35.0-150400.4.2.1
      busybox-coreutils-1.35.0-150400.4.2.1
      busybox-cpio-1.35.0-150400.4.2.1
      busybox-diffutils-1.35.0-150400.4.2.1
      busybox-dos2unix-1.35.0-150400.4.2.1
      busybox-ed-1.35.0-150400.4.2.1
      busybox-findutils-1.35.0-150400.4.2.1
      busybox-gawk-1.35.0-150400.4.2.1
      busybox-grep-1.35.0-150400.4.2.1
      busybox-gzip-1.35.0-150400.4.2.1
      busybox-hostname-1.35.0-150400.4.2.1
      busybox-iproute2-1.35.0-150400.4.2.1
      busybox-iputils-1.35.0-150400.4.2.1
      busybox-kbd-1.35.0-150400.4.2.1
      busybox-kmod-1.35.0-150400.4.2.1
      busybox-less-1.35.0-150400.4.2.1
      busybox-links-1.35.0-150400.4.2.1
      busybox-man-1.35.0-150400.4.2.1
      busybox-misc-1.35.0-150400.4.2.1
      busybox-ncurses-utils-1.35.0-150400.4.2.1
      busybox-net-tools-1.35.0-150400.4.2.1
      busybox-netcat-1.35.0-150400.4.2.1
      busybox-patch-1.35.0-150400.4.2.1
      busybox-policycoreutils-1.35.0-150400.4.2.1
      busybox-procps-1.35.0-150400.4.2.1
      busybox-psmisc-1.35.0-150400.4.2.1
      busybox-sed-1.35.0-150400.4.2.1
      busybox-selinux-tools-1.35.0-150400.4.2.1
      busybox-sendmail-1.35.0-150400.4.2.1
      busybox-sh-1.35.0-150400.4.2.1
      busybox-sharutils-1.35.0-150400.4.2.1
      busybox-syslogd-1.35.0-150400.4.2.1
      busybox-sysvinit-tools-1.35.0-150400.4.2.1
      busybox-tar-1.35.0-150400.4.2.1
      busybox-telnet-1.35.0-150400.4.2.1
      busybox-tftp-1.35.0-150400.4.2.1
      busybox-time-1.35.0-150400.4.2.1
      busybox-traceroute-1.35.0-150400.4.2.1
      busybox-tunctl-1.35.0-150400.4.2.1
      busybox-unzip-1.35.0-150400.4.2.1
      busybox-util-linux-1.35.0-150400.4.2.1
      busybox-vi-1.35.0-150400.4.2.1
      busybox-vlan-1.35.0-150400.4.2.1
      busybox-wget-1.35.0-150400.4.2.1
      busybox-which-1.35.0-150400.4.2.1
      busybox-whois-1.35.0-150400.4.2.1
      busybox-xz-1.35.0-150400.4.2.1

References:

From sle-updates at lists.suse.com Tue Nov 29 20:30:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:30:11 +0100 (CET)
Subject: SUSE-SU-2022:4292-1: moderate: Security update for freerdp
Message-ID: <20221129203011.2ECD8F7A5@maintenance.suse.de>

   SUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4292-1
Rating: moderate
References: #1205563 #1205564
Cross-References: CVE-2022-39318 CVE-2022-39319
CVSS scores:
   CVE-2022-39318 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-39318 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
   CVE-2022-39319 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
   CVE-2022-39319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H

Affected Products:
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Workstation Extension 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for freerdp fixes the following issues:

   - CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563).
   - CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-4292=1
   - SUSE Linux Enterprise Workstation Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4292=1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4292=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      freerdp-2.1.2-150200.15.24.1
      freerdp-debuginfo-2.1.2-150200.15.24.1
      freerdp-debugsource-2.1.2-150200.15.24.1
      freerdp-devel-2.1.2-150200.15.24.1
      freerdp-proxy-2.1.2-150200.15.24.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
      freerdp-server-2.1.2-150200.15.24.1
      freerdp-server-debuginfo-2.1.2-150200.15.24.1
      freerdp-wayland-2.1.2-150200.15.24.1
      freerdp-wayland-debuginfo-2.1.2-150200.15.24.1
      libfreerdp2-2.1.2-150200.15.24.1
      libfreerdp2-debuginfo-2.1.2-150200.15.24.1
      libuwac0-0-2.1.2-150200.15.24.1
      libuwac0-0-debuginfo-2.1.2-150200.15.24.1
      libwinpr2-2.1.2-150200.15.24.1
      libwinpr2-debuginfo-2.1.2-150200.15.24.1
      uwac0-0-devel-2.1.2-150200.15.24.1
      winpr2-devel-2.1.2-150200.15.24.1
   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
      freerdp-2.1.2-150200.15.24.1
      freerdp-debuginfo-2.1.2-150200.15.24.1
      freerdp-debugsource-2.1.2-150200.15.24.1
      freerdp-devel-2.1.2-150200.15.24.1
      freerdp-proxy-2.1.2-150200.15.24.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
      libfreerdp2-2.1.2-150200.15.24.1
      libfreerdp2-debuginfo-2.1.2-150200.15.24.1
      libwinpr2-2.1.2-150200.15.24.1
      libwinpr2-debuginfo-2.1.2-150200.15.24.1
      winpr2-devel-2.1.2-150200.15.24.1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
      freerdp-2.1.2-150200.15.24.1
      freerdp-debuginfo-2.1.2-150200.15.24.1
      freerdp-debugsource-2.1.2-150200.15.24.1
      freerdp-devel-2.1.2-150200.15.24.1
      freerdp-proxy-2.1.2-150200.15.24.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
      libfreerdp2-2.1.2-150200.15.24.1
      libfreerdp2-debuginfo-2.1.2-150200.15.24.1
      libwinpr2-2.1.2-150200.15.24.1
      libwinpr2-debuginfo-2.1.2-150200.15.24.1
      winpr2-devel-2.1.2-150200.15.24.1

References:

   https://www.suse.com/security/cve/CVE-2022-39318.html
   https://www.suse.com/security/cve/CVE-2022-39319.html
   https://bugzilla.suse.com/1205563
   https://bugzilla.suse.com/1205564

From sle-updates at lists.suse.com Tue Nov 29 20:31:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:31:07 +0100 (CET)
Subject: SUSE-SU-2022:4294-1: moderate: Security update for supportutils
Message-ID: <20221129203107.1A5EDF7A5@maintenance.suse.de>

   SUSE Security Update: Security update for supportutils
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4294-1
Rating: moderate
References: #1203818
Affected Products:
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for supportutils fixes the following issues:

   Security issues fixed:

   - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4294=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4294=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4294=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4294=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4294=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4294=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4294=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE OpenStack Cloud 9 (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
      supportutils-3.0.10-95.51.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      supportutils-3.0.10-95.51.1

References:

   https://bugzilla.suse.com/1203818

From sle-updates at lists.suse.com Tue Nov 29 20:32:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:32:03 +0100 (CET)
Subject: SUSE-SU-2022:4287-1: moderate: Security update for libmspack
Message-ID: <20221129203203.86220F7A5@maintenance.suse.de>

   SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4287-1
Rating: moderate
References: #1113040
Cross-References: CVE-2018-18586
CVSS scores:
   CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libmspack fixes the following issues:

   - CVE-2018-18586: Add leading slash protection to chmextract. (bsc#1113040)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4287=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4287=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      libmspack-debugsource-0.4-15.13.1
      libmspack-devel-0.4-15.13.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libmspack-debugsource-0.4-15.13.1
      libmspack0-0.4-15.13.1
      libmspack0-debuginfo-0.4-15.13.1

References:

   https://www.suse.com/security/cve/CVE-2018-18586.html
   https://bugzilla.suse.com/1113040

From sle-updates at lists.suse.com Tue Nov 29 20:33:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Nov 2022 21:33:13 +0100 (CET)
Subject: SUSE-SU-2022:4285-1: important: Security update for webkit2gtk3
Message-ID: <20221129203313.5466BF7A5@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4285-1
Rating: important
References: #1205120 #1205121 #1205122 #1205123 #1205124
Cross-References: CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824
CVSS scores:
   CVE-2022-32888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-32888 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-32923 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
   CVE-2022-32923 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
   CVE-2022-42799 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   CVE-2022-42799 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
   CVE-2022-42823 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-42823 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-42824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
   CVE-2022-42824 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:
   SUSE Enterprise Storage 7
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   Security fixes:

   - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
   - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
   - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.

Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherits file descriptors.
- Fix player getting stuck in buffering (paused) state for progressive streaming.
- Do not try to preconnect on link click when link preconnect setting is disabled.
- Fix close status code returned when the client closes a WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.

Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web extensions support.
- Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media control using MPRIS.
- Add support for PDF documents using PDF.js.

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4285=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4285=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4285=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4285=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4285=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4285=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4285=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4285=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4285=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4285=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4285=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4285=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4285=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit-jsc-4-2.38.2-150200.54.2 webkit-jsc-4-debuginfo-2.38.2-150200.54.2 
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 webkit2gtk3-minibrowser-2.38.2-150200.54.2 webkit2gtk3-minibrowser-debuginfo-2.38.2-150200.54.2 - openSUSE Leap 15.3 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-32bit-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.2-150200.54.2 - openSUSE Leap 15.3 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Manager Proxy 4.1 (x86_64): 
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): 
libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-2.38.2-150200.54.2 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2 typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2 webkit2gtk3-debugsource-2.38.2-150200.54.2 webkit2gtk3-devel-2.38.2-150200.54.2 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.38.2-150200.54.2 References: https://www.suse.com/security/cve/CVE-2022-32888.html https://www.suse.com/security/cve/CVE-2022-32923.html https://www.suse.com/security/cve/CVE-2022-42799.html https://www.suse.com/security/cve/CVE-2022-42823.html https://www.suse.com/security/cve/CVE-2022-42824.html 
https://bugzilla.suse.com/1205120 https://bugzilla.suse.com/1205121 https://bugzilla.suse.com/1205122 https://bugzilla.suse.com/1205123 https://bugzilla.suse.com/1205124 From sle-updates at lists.suse.com Tue Nov 29 20:34:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:34:47 +0100 (CET) Subject: SUSE-SU-2022:4283-1: important: Security update for webkit2gtk3 Message-ID: <20221129203447.BC6ADF7A5@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4283-1 Rating: important References: #1205120 #1205121 #1205122 #1205123 #1205124 Cross-References: CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVSS scores: CVE-2022-32888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32888 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32923 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-32923 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42799 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42799 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42823 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42823 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42824 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description: Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.

Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an abstract socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented changeType operation.
- Ensure GSubprocess uses posix_spawn() again and inherits file descriptors.
- Fix player getting stuck in buffering (paused) state for progressive streaming.
- Do not try to preconnect on link click when link preconnect setting is disabled.
- Fix close status code returned when the client closes a WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.

Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web extensions support.
- Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media control using MPRIS.
- Add support for PDF documents using PDF.js.
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4283=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4283=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4283=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4283=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4283=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4283=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4283=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4283=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 webkit2gtk3-devel-2.38.2-2.120.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 
webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.38.2-2.120.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-2.120.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-2.120.1 libwebkit2gtk-4_0-37-2.38.2-2.120.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-2.120.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2-4_0-2.38.2-2.120.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-2.38.2-2.120.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-2.120.1 webkit2gtk3-debugsource-2.38.2-2.120.1 webkit2gtk3-devel-2.38.2-2.120.1 References: https://www.suse.com/security/cve/CVE-2022-32888.html https://www.suse.com/security/cve/CVE-2022-32923.html https://www.suse.com/security/cve/CVE-2022-42799.html https://www.suse.com/security/cve/CVE-2022-42823.html https://www.suse.com/security/cve/CVE-2022-42824.html https://bugzilla.suse.com/1205120 https://bugzilla.suse.com/1205121 https://bugzilla.suse.com/1205122 https://bugzilla.suse.com/1205123 https://bugzilla.suse.com/1205124 From sle-updates at lists.suse.com Tue Nov 29 20:36:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:36:25 +0100 (CET) Subject: SUSE-SU-2022:4289-1: Security update for 
libdb-4_8 Message-ID: <20221129203625.4C0DAF7A5@maintenance.suse.de> SUSE Security Update: Security update for libdb-4_8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4289-1 Rating: low References: #1174414 Cross-References: CVE-2019-2708 CVSS scores: CVE-2019-2708 (NVD) : 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2019-2708 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4289=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4289=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libdb-4_8-debuginfo-4.8.30-33.1 libdb-4_8-debugsource-4.8.30-33.1 libdb-4_8-devel-4.8.30-33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): db48-utils-4.8.30-33.1 libdb-4_8-4.8.30-33.1 libdb-4_8-debuginfo-4.8.30-33.1 libdb-4_8-debugsource-4.8.30-33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdb-4_8-32bit-4.8.30-33.1 libdb-4_8-debuginfo-32bit-4.8.30-33.1 References: https://www.suse.com/security/cve/CVE-2019-2708.html https://bugzilla.suse.com/1174414 From sle-updates at lists.suse.com Tue Nov 29 20:37:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:37:27 +0100 (CET) Subject: SUSE-SU-2022:4284-1: important: Security update for webkit2gtk3 Message-ID: <20221129203727.44425F7A5@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4284-1 Rating: important References: #1205120 #1205121 #1205122 #1205123 #1205124 Cross-References: CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVSS scores: CVE-2022-32888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32888 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32923 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-32923 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42799 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42799 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42823 (NVD) : 8.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42823 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42824 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. 
- Ensure GSubprocess uses posix_spawn() again and inherits file descriptors.
- Fix player getting stuck in buffering (paused) state for progressive streaming.
- Do not try to preconnect on link click when link preconnect setting is disabled.
- Fix close status code returned when the client closes a WebSocket in some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.

Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web extensions support.
- Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media control using MPRIS.
- Add support for PDF documents using PDF.js.

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4284=1
- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4284=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4284=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4284=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4284=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4284=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4284=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4284=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch
SUSE-SLE-Product-HPC-15-2022-4284=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4284=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 
libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 
webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.38.2-150000.3.122.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.38.2-150000.3.122.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150000.3.122.1 
libwebkit2gtk-4_0-37-2.38.2-150000.3.122.1 libwebkit2gtk-4_0-37-debuginfo-2.38.2-150000.3.122.1 typelib-1_0-JavaScriptCore-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2-4_0-2.38.2-150000.3.122.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-2.38.2-150000.3.122.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150000.3.122.1 webkit2gtk3-debugsource-2.38.2-150000.3.122.1 webkit2gtk3-devel-2.38.2-150000.3.122.1 References: https://www.suse.com/security/cve/CVE-2022-32888.html https://www.suse.com/security/cve/CVE-2022-32923.html https://www.suse.com/security/cve/CVE-2022-42799.html https://www.suse.com/security/cve/CVE-2022-42823.html https://www.suse.com/security/cve/CVE-2022-42824.html https://bugzilla.suse.com/1205120 https://bugzilla.suse.com/1205121 https://bugzilla.suse.com/1205122 https://bugzilla.suse.com/1205123 https://bugzilla.suse.com/1205124 From sle-updates at lists.suse.com Tue Nov 29 20:38:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:38:54 +0100 (CET) Subject: SUSE-SU-2022:4290-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20221129203854.5A6F6F7A5@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4290-1 Rating: moderate References: #1204468 #1204471 #1204472 #1204473 #1204475 #1204480 #1205302 Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVSS scores: CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). 
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302] * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extensions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with "kill -3" SIGQUIT signal freezes Java process Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4290=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4290=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4290=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4290=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4290=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4290=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4290=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4290=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x 
x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.99.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.99.1 References: https://www.suse.com/security/cve/CVE-2022-21618.html https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://www.suse.com/security/cve/CVE-2022-39399.html https://bugzilla.suse.com/1204468 https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 https://bugzilla.suse.com/1204480 https://bugzilla.suse.com/1205302 From sle-updates at lists.suse.com Tue Nov 29 20:40:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:40:18 +0100 (CET) Subject: SUSE-SU-2022:4296-1: Security update for libarchive Message-ID: <20221129204018.E487AF7A5@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4296-1 Rating: low References: #1205629 Cross-References: CVE-2022-36227 CVSS scores: CVE-2022-36227 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-36227 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for 
SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4296=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4296=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.3-32.8.1 libarchive-devel-3.3.3-32.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.3-32.8.1 libarchive13-3.3.3-32.8.1 libarchive13-debuginfo-3.3.3-32.8.1 References: https://www.suse.com/security/cve/CVE-2022-36227.html https://bugzilla.suse.com/1205629 From sle-updates at lists.suse.com Tue Nov 29 20:41:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Nov 2022 21:41:07 +0100 (CET) Subject: SUSE-SU-2022:4295-1: moderate: Security update for dbus-1 Message-ID: <20221129204107.EA79DF790@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4295-1 Rating: moderate References: #1087072 #1204111 #1204112 #1204113 Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVSS scores: CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 
CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed a potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed use-after-free and possible memory corruption via a message in non-native endianness with out-of-band Unix file descriptors (bsc#1204113). - Disable assertions to prevent unexpected DDoS attacks (bsc#1087072). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4295=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4295=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): dbus-1-debugsource-1.8.22-38.1 dbus-1-devel-1.8.22-38.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): dbus-1-devel-doc-1.8.22-38.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-38.1 dbus-1-debuginfo-1.8.22-38.1 dbus-1-debugsource-1.8.22-38.1 dbus-1-x11-1.8.22-38.1 dbus-1-x11-debuginfo-1.8.22-38.1 dbus-1-x11-debugsource-1.8.22-38.1 libdbus-1-3-1.8.22-38.1 libdbus-1-3-debuginfo-1.8.22-38.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdbus-1-3-32bit-1.8.22-38.1 libdbus-1-3-debuginfo-32bit-1.8.22-38.1 References: https://www.suse.com/security/cve/CVE-2022-42010.html https://www.suse.com/security/cve/CVE-2022-42011.html https://www.suse.com/security/cve/CVE-2022-42012.html https://bugzilla.suse.com/1087072 https://bugzilla.suse.com/1204111 https://bugzilla.suse.com/1204112 https://bugzilla.suse.com/1204113 From sle-updates at lists.suse.com Wed Nov 30 08:25:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 09:25:33 +0100 (CET) Subject: SUSE-CU-2022:3227-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20221130082533.889F8FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3227-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.47 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.47 Severity : important Type : recommended References : 1199074 1203216 1203482 
----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated From sle-updates at lists.suse.com Wed Nov 30 08:25:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 09:25:39 +0100 (CET) Subject: SUSE-CU-2022:3228-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221130082539.F3915FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3228-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.48 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.48 Severity : important Type : security References : 1184689 1188086 1188607 1192252 1192478 1192648 1197428 1200330 1202269 1202337 1202417 1202962 1203110 1203125 1203152 1203155 1203194 1203272 1203508 1203509 1203796 1203797 1203799 1203818 1203820 1203924 1204577 1204779 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 
----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - supportutils-3.1.21-150300.7.35.15.1 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated From sle-updates at lists.suse.com Wed Nov 30 08:35:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 09:35:08 +0100 (CET) Subject: SUSE-CU-2022:3229-1: Recommended update of suse/sles12sp4 Message-ID: <20221130083508.9B141FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3229-1 Container Tags : suse/sles12sp4:26.535 , suse/sles12sp4:latest Container Release : 26.535 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4245-1 Released: Mon Nov 28 10:53:20 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Toolchain Module. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - base-container-licenses-3.0-1.329 updated - container-suseconnect-2.0.0-1.213 updated - libgcc_s1-12.2.1+git416-1.5.1 updated - libstdc++6-12.2.1+git416-1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 08:42:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 09:42:05 +0100 (CET) Subject: SUSE-CU-2022:3231-1: Recommended update of suse/sles12sp5 Message-ID: <20221130084205.DCF13FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3231-1 Container Tags : suse/sles12sp5:6.5.406 , suse/sles12sp5:latest Container Release : 6.5.406 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4245-1 Released: Mon Nov 28 10:53:20 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Toolchain Module. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-1.5.1 updated - libstdc++6-12.2.1+git416-1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 08:42:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 09:42:11 +0100 (CET) Subject: SUSE-CU-2022:3232-1: Security update of suse/sles12sp5 Message-ID: <20221130084211.8BEB2FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3232-1 Container Tags : suse/sles12sp5:6.5.407 , suse/sles12sp5:latest Container Release : 6.5.407 Severity : moderate Type : security References : 1197244 1198507 1204968 CVE-2022-3821 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4279-1 Released: Tue Nov 29 15:44:34 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1197244,1198507,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234 * 20743c1a44 logind: fix crash in logind on user-specified message string * b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent * 2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call * 3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507) * 4b56c3540a parse-util: introduce pid_is_valid() * aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244) The following package changes have been done: - libsystemd0-228-157.43.2 updated - libudev1-228-157.43.2 updated From sle-updates at lists.suse.com Wed Nov 30 09:01:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:01:58 +0100 (CET) Subject: SUSE-CU-2022:3233-1: Recommended update of suse/sle15 Message-ID: <20221130090158.A066BFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3233-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.649 Container Release : 4.22.649 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:18:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:18:11 +0100 (CET) Subject: SUSE-CU-2022:3234-1: Recommended update of suse/sle15 Message-ID: <20221130091811.3409EFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3234-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.712 Container Release : 6.2.712 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:30:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:30:36 +0100 (CET) Subject: SUSE-CU-2022:3235-1: Recommended update of suse/sle15 Message-ID: <20221130093036.920BEFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3235-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.235 Container Release : 9.5.235 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:37:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:37:17 +0100 (CET) Subject: SUSE-CU-2022:3236-1: Recommended update of bci/bci-init Message-ID: <20221130093717.84F59FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3236-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.69 Container Release : 21.69 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:sles15-image-15.0.0-17.20.77 updated From sle-updates at lists.suse.com Wed Nov 30 09:37:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:37:22 +0100 (CET) Subject: SUSE-CU-2022:3237-1: Recommended update of bci/bci-init Message-ID: <20221130093722.C254FFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3237-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.70 Container Release : 21.70 Severity : moderate Type : recommended References : 1198523 1199074 1203216 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:37:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:37:45 +0100 (CET) Subject: SUSE-CU-2022:3238-1: Recommended update of bci/bci-micro Message-ID: <20221130093745.6B91AFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3238-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.22.27 Container Release : 22.27 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:40:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:40:24 +0100 (CET) Subject: SUSE-CU-2022:3239-1: Recommended update of bci/bci-minimal Message-ID: <20221130094024.0D888FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3239-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.32.60 Container Release : 32.60 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:micro-image-15.3.0-22.27 updated From sle-updates at lists.suse.com Wed Nov 30 09:46:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:46:31 +0100 (CET) Subject: SUSE-CU-2022:3240-1: Recommended update of bci/python Message-ID: <20221130094631.ED25FFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3240-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-21.6 Container Release : 21.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:sles15-image-15.0.0-17.20.77 updated From sle-updates at lists.suse.com Wed Nov 30 09:54:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:54:41 +0100 (CET) Subject: SUSE-CU-2022:3241-1: Recommended update of suse/sle15 Message-ID: <20221130095441.382B0FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3241-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.77 , suse/sle15:15.3 , suse/sle15:15.3.17.20.77 Container Release : 17.20.77 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:56:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:56:14 +0100 (CET) Subject: SUSE-CU-2022:3242-1: Security update of suse/389-ds Message-ID: <20221130095614.E3457FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3242-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.60 , suse/389-ds:latest Container Release : 17.60 Severity : important Type : security References : 1188607 1203125 1204577 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 ----------------------------------------------------------------- The container suse/389-ds was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - python3-base-3.6.15-150300.10.37.2 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated From sle-updates at lists.suse.com Wed Nov 30 09:56:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:56:20 +0100 (CET) Subject: SUSE-CU-2022:3243-1: Security update of bci/bci-busybox Message-ID: <20221130095620.5707AFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3243-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.13.2 , bci/bci-busybox:latest Container Release : 13.2 Severity : important Type : security References : 1064976 1064978 1069412 1099260 1099263 1102912 1121426 1121428 1184522 1192869 951562 970662 970663 991940 CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386
----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3959-1 Released: Fri Nov 11 15:38:11 2022 Summary: Security update for busybox Type: security Severity: important References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940,CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 This update for busybox fixes the following issues: - Enable switch_root With this change virtme --force-initramfs works as expected. 
- Enable udhcpc busybox was updated to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes yet: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() * CVE-2011-5325 (bsc#951562): tar directory traversal * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4291-1 Released: Tue Nov 29 16:00:24 2022 Summary: Recommended update for busybox-links Type: recommended Severity: moderate References: This update rebuilds busybox-links to match the current busybox version. 
The following package changes have been done: - busybox-adduser-1.35.0-150400.4.2.1 updated - busybox-attr-1.35.0-150400.4.2.1 updated - busybox-bc-1.35.0-150400.4.2.1 updated - busybox-bind-utils-1.35.0-150400.4.2.1 updated - busybox-bzip2-1.35.0-150400.4.2.1 updated - busybox-coreutils-1.35.0-150400.4.2.1 updated - busybox-cpio-1.35.0-150400.4.2.1 updated - busybox-diffutils-1.35.0-150400.4.2.1 updated - busybox-dos2unix-1.35.0-150400.4.2.1 updated - busybox-ed-1.35.0-150400.4.2.1 updated - busybox-findutils-1.35.0-150400.4.2.1 updated - busybox-gawk-1.35.0-150400.4.2.1 updated - busybox-grep-1.35.0-150400.4.2.1 updated - busybox-gzip-1.35.0-150400.4.2.1 updated - busybox-hostname-1.35.0-150400.4.2.1 updated - busybox-iproute2-1.35.0-150400.4.2.1 updated - busybox-iputils-1.35.0-150400.4.2.1 updated - busybox-kbd-1.35.0-150400.4.2.1 updated - busybox-less-1.35.0-150400.4.2.1 updated - busybox-links-1.35.0-150400.4.2.1 updated - busybox-man-1.35.0-150400.4.2.1 updated - busybox-misc-1.35.0-150400.4.2.1 updated - busybox-ncurses-utils-1.35.0-150400.4.2.1 updated - busybox-net-tools-1.35.0-150400.4.2.1 updated - busybox-netcat-1.35.0-150400.4.2.1 updated - busybox-patch-1.35.0-150400.4.2.1 updated - busybox-policycoreutils-1.35.0-150400.4.2.1 updated - busybox-procps-1.35.0-150400.4.2.1 updated - busybox-psmisc-1.35.0-150400.4.2.1 updated - busybox-sed-1.35.0-150400.4.2.1 updated - busybox-selinux-tools-1.35.0-150400.4.2.1 updated - busybox-sendmail-1.35.0-150400.4.2.1 updated - busybox-sharutils-1.35.0-150400.4.2.1 updated - busybox-sh-1.35.0-150400.4.2.1 updated - busybox-syslogd-1.35.0-150400.4.2.1 updated - busybox-sysvinit-tools-1.35.0-150400.4.2.1 updated - busybox-tar-1.35.0-150400.4.2.1 updated - busybox-telnet-1.35.0-150400.4.2.1 updated - busybox-tftp-1.35.0-150400.4.2.1 updated - busybox-time-1.35.0-150400.4.2.1 updated - busybox-traceroute-1.35.0-150400.4.2.1 updated - busybox-tunctl-1.35.0-150400.4.2.1 updated - busybox-unzip-1.35.0-150400.4.2.1 updated 
- busybox-util-linux-1.35.0-150400.4.2.1 updated - busybox-vi-1.35.0-150400.4.2.1 updated - busybox-vlan-1.35.0-150400.4.2.1 updated - busybox-wget-1.35.0-150400.4.2.1 updated - busybox-which-1.35.0-150400.4.2.1 updated - busybox-whois-1.35.0-150400.4.2.1 updated - busybox-xz-1.35.0-150400.4.2.1 updated - busybox-1.35.0-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Nov 30 09:56:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:56:27 +0100 (CET) Subject: SUSE-CU-2022:3244-1: Recommended update of suse/registry Message-ID: <20221130095627.C3622FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3244-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-4.4 , suse/registry:latest Container Release : 4.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - container:micro-image-15.4.0-16.2 updated From sle-updates at lists.suse.com Wed Nov 30 09:58:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:58:01 +0100 (CET) Subject: SUSE-CU-2022:3245-1: Recommended update of bci/bci-init Message-ID: <20221130095801.4A524FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3245-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.47 , bci/bci-init:latest Container Release : 24.47 Severity : important Type : recommended References : 1199074 1203216 1203482 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Wed Nov 30 09:59:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 10:59:39 +0100 (CET) Subject: SUSE-CU-2022:3246-1: Security update of bci/nodejs Message-ID: <20221130095939.24477FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3246-1 Container Tags : bci/node:14 , bci/node:14-35.44 , bci/nodejs:14 , bci/nodejs:14-35.44 Container Release : 35.44 Severity : important Type : security References : 1188607 1203125 1204577 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated From sle-updates at lists.suse.com Wed Nov 30 10:02:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:02:22 +0100 (CET) Subject: SUSE-CU-2022:3247-1: Recommended update of suse/pcp Message-ID: <20221130100222.6CFC4FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3247-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.96 , suse/pcp:latest Container Release : 11.96 Severity : important Type : recommended References : 1199074 1203216 1203482 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. 
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - container:bci-bci-init-15.4-15.4-24.47 updated From sle-updates at lists.suse.com Wed Nov 30 10:04:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:04:10 +0100 (CET) Subject: SUSE-CU-2022:3224-1: Recommended update of bci/python Message-ID: <20221130100410.422D9FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3224-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.6 Container 
Release : 31.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:37:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:37:47 +0100 (CET) Subject: SUSE-CU-2022:3224-1: Recommended update of bci/python Message-ID: <20221130103747.5D9C6FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3224-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.6 Container Release : 31.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:37:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:37:50 +0100 (CET) Subject: SUSE-CU-2022:3249-1: Security update of bci/python Message-ID: <20221130103750.6862FFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3249-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-31.7 Container Release : 31.7 Severity : important Type : security References : 1188607 1203125 1204577 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-devel-3.6.15-150300.10.37.2 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Wed Nov 30 10:40:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:40:40 +0100 (CET) Subject: SUSE-CU-2022:3250-1: Recommended update of bci/ruby Message-ID: <20221130104040.9F0F4FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3250-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.38 , bci/ruby:latest Container Release : 31.38 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:42:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:42:31 +0100 (CET) Subject: SUSE-CU-2022:3251-1: Recommended update of bci/rust Message-ID: <20221130104231.7BE07FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3251-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.105 Container Release : 9.105 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:44:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:44:15 +0100 (CET) Subject: SUSE-CU-2022:3252-1: Recommended update of bci/rust Message-ID: <20221130104415.7A31AFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3252-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.45 Container Release : 6.45 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:45:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:45:35 +0100 (CET) Subject: SUSE-CU-2022:3253-1: Recommended update of bci/rust Message-ID: <20221130104535.90BC7FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3253-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-9.4 Container Release : 9.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. 
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - libubsan1-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:46:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:46:51 +0100 (CET) Subject: SUSE-CU-2022:3254-1: Recommended update of bci/rust Message-ID: <20221130104651.41F71FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3254-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-5.6 Container Release : 5.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - libubsan1-12.2.1+git416-150000.1.5.1 updated - linux-glibc-devel-5.14-150400.6.3.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:47:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:47:43 +0100 (CET) Subject: SUSE-CU-2022:3255-1: Recommended update of bci/rust Message-ID: <20221130104743.5C889FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3255-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-4.21 Container Release : 4.21 Severity : moderate Type : recommended 
References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - libubsan1-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:48:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:48:12 +0100 (CET) Subject: SUSE-CU-2022:3256-1: Recommended update of bci/rust Message-ID: <20221130104812.16D52FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3256-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-3.6 Container Release : 3.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. 
To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - libubsan1-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:49:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:49:55 +0100 (CET) Subject: SUSE-CU-2022:3258-1: Recommended update of suse/sle15 Message-ID: <20221130104955.10ACEFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3258-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.21 , suse/sle15:15.4 , suse/sle15:15.4.27.14.21 Container Release : 27.14.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:51:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:51:39 +0100 (CET) Subject: SUSE-CU-2022:3259-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221130105139.9FA02FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3259-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.326 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.326 Severity : important Type : security References : 1184689 1188086 1188607 1192252 1192478 1192648 1197428 1198523 1199074 1200330 1202269 1202337 1202417 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203272 1203508 1203509 1203796 1203797 1203799 1203818 1203820 1203924 1204577 1204779 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 ----------------------------------------------------------------- The container 
suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This 
update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). 
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - supportutils-3.1.21-150300.7.35.15.1 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:58:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:58:47 +0100 (CET) Subject: SUSE-CU-2022:3262-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221130105847.EB3A7FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3262-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.147 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.147 Severity : important Type : security References : 1184689 1188086 1188607 1192252 1192478 1192648 1197428 1198523 1199074 1200330 1202269 1202337 1202417 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203272 1203508 1203509 1203796 1203797 1203799 1203818 1203820 1203924 1204577 1204779 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following 
issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). 
- CVE-2022-3037: Fixed use-after-free (bsc#1202962). The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - supportutils-3.1.21-150300.7.35.15.1 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated From sle-updates at lists.suse.com Wed Nov 30 10:59:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 11:59:23 +0100 (CET) Subject: SUSE-CU-2022:3263-1: Security update of trento/trento-db Message-ID: <20221130105923.9EDC7FBA7@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3263-1 Container Tags : trento/trento-db:14.5 , trento/trento-db:14.5-rev1.0.0 , trento/trento-db:14.5-rev1.0.0-build2.2.178 , trento/trento-db:latest Container Release : 2.2.178 Severity : important Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1047178 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1167864 1177460 1180995 1181961 1197178 1198341 1198627 1198731 1198752 1199140 1199492 1199944 1200800 1200842 1201680 1201959 1201978 1202175 1202310 1202324 1202593 1202812 1203018 1203046 1203652 1203911 1204137 1204179 1204211 1204366 1204367 1204383 1204649 1204968 1205156 CVE-2016-3709 CVE-2017-6512 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-10696 CVE-2021-20206 CVE-2021-46828 CVE-2022-1664 CVE-2022-29458 CVE-2022-2990 CVE-2022-31252 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 
----------------------------------------------------------------- The container trento/trento-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. 
- Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. 
In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. 
--debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. 
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' 
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not committed * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not support dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of 
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow reusing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow reusing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. 
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). 
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory 
ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - glibc-2.31-150300.41.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libblkid1-2.36.2-150300.4.28.1 updated - perl-base-5.26.1-150300.17.11.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libopenssl1_1-1.1.1d-150200.11.54.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libdw1-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libudev1-246.16-150300.7.54.1 updated - libsystemd0-246.16-150300.7.54.1 updated - libmount1-2.36.2-150300.4.28.1 updated - krb5-1.19.2-150300.7.7.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - permissions-20181225-150200.23.20.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.36.2-150300.4.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2022f-150000.75.15.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - systemd-246.16-150300.7.54.1 updated - udev-246.16-150300.7.54.1 updated - container:sles15-image-15.0.0-17.20.75 updated From 
sle-updates at lists.suse.com Wed Nov 30 11:00:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 12:00:04 +0100 (CET) Subject: SUSE-CU-2022:3264-1: Security update of trento/trento-runner Message-ID: <20221130110004.54333FD2D@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3264-1 Container Tags : trento/trento-runner:1.1.0 , trento/trento-runner:1.1.0-build4.19.12 , trento/trento-runner:latest Container Release : 4.19.12 Severity : critical Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1047178 1082318 1101820 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1142579 1149792 1167864 1176785 1177083 1177460 1180995 1181658 1181961 1181994 1185597 1185712 1188006 1188374 1189802 1191473 1193929 1194708 1194783 1195059 1195157 1195773 1197178 1197570 1197592 1198237 1198341 1198507 1198627 1198731 1198732 1198752 1199079 1199492 1199944 1200170 1200800 1200842 1201680 1201783 1201959 1201978 1202175 1202310 1202324 1202593 1202750 1202812 1202816 1202868 1202966 1202967 1202969 1203018 1203046 1203652 1203911 1204137 1204179 1204211 1204366 1204367 1204383 1204649 1204690 1204968 1205156 CVE-2016-3709 CVE-2017-6512 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-10903 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-1010204 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-10696 CVE-2021-20206 CVE-2021-3530 CVE-2021-3648 CVE-2021-36690 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2021-46828 CVE-2021-46848 CVE-2022-1664 CVE-2022-27943 CVE-2022-29458 CVE-2022-2990 CVE-2022-31252 CVE-2022-32221 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-38126 CVE-2022-38127 
CVE-2022-3821 CVE-2022-38533 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations. The RISCV backend now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section is currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend.
There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always built on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 
Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' 
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not committed * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not support dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: don't rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow reusing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow reusing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. 
Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3973-1 Released: Mon Nov 14 15:38:25 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4044-1 Released: Thu Nov 17 09:07:24 2022 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1101820,1149792,1176785,1177083,CVE-2018-10903 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. 
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4056-1 Released: Thu Nov 17 15:38:08 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4146-1
Released: Mon Nov 21 09:56:12 2022
Summary: Security update for binutils
Type: security
Severity: moderate
References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533

This update for binutils fixes the following issues:

The following security bugs were fixed:

- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:
  * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set.
    These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification.
  * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value.
  * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links.
  * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well.
- Update to 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils.
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
  * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section.
  * Add support for the LoongArch architecture.
  * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation.
  * Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - glibc-2.31-150300.41.1 updated - libuuid1-2.36.2-150300.4.28.1 updated - libsmartcols1-2.36.2-150300.4.28.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libblkid1-2.36.2-150300.4.28.1 updated - perl-base-5.26.1-150300.17.11.1 updated - libfdisk1-2.36.2-150300.4.28.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libxml2-2-2.9.7-150000.3.51.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libopenssl1_1-1.1.1d-150200.11.54.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libdw1-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libudev1-246.16-150300.7.54.1 updated - libsystemd0-246.16-150300.7.54.1 updated - libmount1-2.36.2-150300.4.28.1 updated - krb5-1.19.2-150300.7.7.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libcurl4-7.66.0-150200.4.42.1 updated - permissions-20181225-150200.23.20.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.36.2-150300.4.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - timezone-2022f-150000.75.15.1 updated - openssl-1_1-1.1.1d-150200.11.54.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 
updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libctf0-2.39-150100.7.40.1 updated - binutils-2.39-150100.7.40.1 updated - python3-rpm-4.14.3-150300.52.1 updated - python3-MarkupSafe-1.1.1-150300.1.2 updated - python3-cryptography-2.9.2-150200.13.1 updated - container:sles15-image-15.0.0-17.20.75 updated From sle-updates at lists.suse.com Wed Nov 30 11:00:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 12:00:37 +0100 (CET) Subject: SUSE-CU-2022:3265-1: Security update of trento/trento-web Message-ID: <20221130110037.294F8FD2D@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3265-1 Container Tags : trento/trento-web:1.2.0 , trento/trento-web:1.2.0-build4.18.11 , trento/trento-web:latest Container Release : 4.18.11 Severity : important Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1047178 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1167864 1177460 1180995 1181658 1181961 1194708 1195059 1195157 1197178 1197570 1198341 1198507 1198627 1198731 1198732 1198752 1199140 1199492 1200170 1200800 1200842 1200855 1201560 1201640 1201680 1201942 1201959 1201978 1202175 1202310 1202324 1202593 1202812 1203018 1203046 1203652 1203911 1204137 1204179 1204211 1204366 1204367 1204383 1204649 1204968 1205156 CVE-2016-3709 CVE-2017-6512 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-10696 CVE-2021-20206 CVE-2021-46828 CVE-2022-29458 CVE-2022-2990 CVE-2022-31252 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 
CVE-2022-40304 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. 
- Fixes:
  - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

- readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)

Update to version 0.174:

- libelf, libdw and all tools now handle extended shnum and shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to generate CFI based backtraces.
- Fixes:
  - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

- More fixes for crashes and hangs found by afl-fuzz.
  In particular various functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now look up the size and signedness of constant value types to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations. The RISCV backend now handles ABI specific CFI and knows about RISCV register types and names.

Update to version 0.172:

- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

- DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section is currently handled.
- readelf: Handle all new DWARF5 sections.
  --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059

This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842

This update for util-linux fixes the following issues:

- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?'
in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to
run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not committed
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not support dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of
compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing
last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow reusing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow reusing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky
bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released: Tue Nov 8 10:50:06 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released: Mon Nov 14 15:38:25 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released: Thu Nov 17 15:38:08 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

The following package changes have been done:

-
libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- libuuid1-2.36.2-150300.4.28.1 updated
- libsmartcols1-2.36.2-150300.4.28.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libblkid1-2.36.2-150300.4.28.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libfdisk1-2.36.2-150300.4.28.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1d-150200.11.54.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.54.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libdw1-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libudev1-246.16-150300.7.54.1 updated
- libsystemd0-246.16-150300.7.54.1 updated
- libmount1-2.36.2-150300.4.28.1 updated
- krb5-1.19.2-150300.7.7.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libcurl4-7.66.0-150200.4.42.1 updated
- permissions-20181225-150200.23.20.1 updated
- pam-1.3.0-150000.6.61.1 updated
- util-linux-2.36.2-150300.4.28.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- timezone-2022f-150000.75.15.1 updated
- container:nodejs-16-image-15.0.0-17.20.75 updated
- container:sles15-image-15.0.0-17.20.75 updated

From sle-updates at lists.suse.com Wed Nov 30 17:19:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Nov 2022 18:19:24 +0100 (CET)
Subject: SUSE-RU-2022:4297-1: important: Recommended update for pdsh, slurm_22_05
Message-ID: <20221130171924.A330AFD2D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pdsh, slurm_22_05
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:4297-1
Rating: important
References: SLE-21334
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for pdsh, slurm_22_05 fixes the following issues:

Slurm was updated to 22.05.5

- Fixes a number of moderate severity issues, notable are:
  * Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded.
  * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers.
  * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order.
  * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore.
  * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts.
- Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory.
- Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251).
- update to 22.05.2 with following fixes:
  * Fix regression which allowed the oversubscription of licenses.
  * Fix a segfault in slurmctld when requesting gres in job arrays.
- Allow log in as user 'slurm'. This allows admins to run certain privileged commands more easily without becoming root.
update to 22.05.0 with following changes:
- Support for dynamic node addition and removal
- Support for native Linux cgroup v2 operation
- Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi)
- Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces.
- Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts.
- New "--prefer" option to job submissions to allow for a "soft constraint" request to influence node selection.
- Optional support for license planning in the backfill scheduler with "bf_licenses" option in SchedulerParameters.
- Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case.
- Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281).
- Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations.
- Update to 21.08.7 with following changes:
  * openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag.
  * Avoid shrinking a reservation when overlapping with downed nodes.
  * Only check TRES limits against current usage for TRES requested by the job.
  * Do not allocate shared gres (MPS) in whole-node allocations
  * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm.
  * Fix warnings on 32-bit compilers related to printf() formats.
  * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode.
  * Fix race condition where a cgroup was being deleted while another step was creating it.
  * Set the slurmd port correctly if multi-slurmd
  * Fix FAIL mail not being sent if a job was cancelled due to preemption.
  * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents.
  * Fix issue with bad memory access when shrinking running steps.
  * Fix various issues with internal job accounting with GRES when jobs are shrunk.
  * Fix ipmi polling on slurmd reconfig or restart.
  * Fix srun crash when reserved ports are being used and het step fails to launch.
  * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}.
  * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails.
  * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd.
  * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state.
  * Fix potential deadlock during slurmctld restart when there is a completing job.
  * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits.
  * Fix Slurm user commands displaying available features as active features when no features were active.
  * Don't power down nodes that are rebooting.
  * Clear pending node reboot on power down request.
  * Ignore node registrations while node is powering down.
  * Don't reboot any node that is power down.
  * Don't allow a node to reboot if it's marked for power down.
  * Fix issuing reboot and downing when rebooting a powering up node.
  * Clear DRAIN on node after failing to resume before ResumeTimeout.
  * Prevent repeating power down if node fails to resume before ResumeTimeout.
  * Fix federated cloud node communication with srun and cloud_dns.
  * Fix jobs being scheduled on nodes marked to be powered_down when idle.
  * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set.
- Changes in Slurm 21.08.6
  * Fix plugin_name definitions in a number of plugins to improve logging.
  * Close sbcast file transfers when job is cancelled.
  * scrontab - fix handling of --gpus and --ntasks-per-gpu options.
  * sched/backfill - fix job_queue_rec_t memory leak.
  * Fix magnetic reservation logic in both main and backfill schedulers.
  * job_container/tmpfs - fix memory leak when using InitScript.
  * slurmrestd / openapi - fix memory leaks.
  * Fix slurmctld segfault due to job array resv_list double free.
  * Fix multi-reservation job testing logic.
  * Fix slurmctld segfault due to insufficient job reservation parse validation.
  * Fix main and backfill schedulers handling for already rejected job array.
  * sched/backfill - restore resv_ptr after yielding locks.
  * acct_gather_energy/xcc - appropriately close and destroy the IPMI context.
  * Protect slurmstepd from making multiple calls to the cleanup logic.
  * Prevent slurmstepd segfault at cleanup time in mpi_fini().
  * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf.
  * Fix affinity of the batch step if batch host is different than the first node in the allocation.
  * slurmdbd - fix segfault after multiple failover/failback operations.
  * Fix jobcomp filetxt job selection condition.
  * Fix -f flag of sacct not being used.
  * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket.
  * Keep node in Future state if epilog completes while in Future state.
  * Fix erroneous --constraint behavior by preventing multiple sets of brackets.
  * Make ResetAccrueTime update the job's accrue_time to now.
  * Fix sattach initialization with configless mode.
  * Revert packing limit checks affecting pmi2.
  * sacct - fixed assertion failure when using -c option and a federation display
  * Fix issue that allowed steps to overallocate the job's memory.
  * Fix the sanity check mode of AutoDetect so that it actually works.
  * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state.
* Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when "downing" a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used. 
- update to 21.08.5 with the following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (-u) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and --ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanently set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting --ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none.
* Fix srun --cpus-per-task and --threads-per-core not implicitly setting --exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up. updated to 21.08.4, which fixes CVE-2021-43337, present only in the 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality. - Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120 - Limit firewalld service definitions to SUSE versions >= 15. - added service definitions for firewalld (JSC#SLE-22741) update to 21.08.2 - major change: * removed support for the TaskAffinity=yes option in cgroup.conf. Please consider using "TaskPlugins=cgroup,affinity" in slurm.conf as an option. - minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi-socket nodes. This in turn corrects certain jobs node count estimations displayed client-side.
* job_submit/cray_aries - fix "craynetwork" GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean-start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct --whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once.
- moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir updated to 21.08.1 with following bug fixes: * Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state "alloc-revoke" which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocation's memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including descendants. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen.
* Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt. - Make configure arg '--with-pmix' conditional. - Move openapi plugins to package slurm-restd. updated to 21.08.0, major changes: * A new "AccountingStoreFlags=job_script" option to store the job scripts directly in SlurmDBD. * Added "sacct -o SubmitLine" format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called "slurmscriptd" responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with "srun --bcast". 
* Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved "configless" support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua. Changes in pdsh: - Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4297=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4297=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4297=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4297=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pdsh-slurm_20_02-2.34-150100.10.14.1 pdsh-slurm_20_02-debuginfo-2.34-150100.10.14.1 pdsh_slurm_20_02-debugsource-2.34-150100.10.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pdsh-slurm_20_02-2.34-150100.10.14.1 pdsh-slurm_20_02-debuginfo-2.34-150100.10.14.1 pdsh_slurm_20_02-debugsource-2.34-150100.10.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150100.3.3.1 libnss_slurm2_22_05-debuginfo-22.05.5-150100.3.3.1 libpmi0_22_05-22.05.5-150100.3.3.1 libpmi0_22_05-debuginfo-22.05.5-150100.3.3.1 libslurm38-22.05.5-150100.3.3.1 libslurm38-debuginfo-22.05.5-150100.3.3.1 pdsh-2.34-150100.10.14.1 pdsh-debuginfo-2.34-150100.10.14.1 pdsh-debugsource-2.34-150100.10.14.1 pdsh-dshgroup-2.34-150100.10.14.1 pdsh-dshgroup-debuginfo-2.34-150100.10.14.1 pdsh-genders-2.34-150100.10.14.1 pdsh-genders-debuginfo-2.34-150100.10.14.1 
pdsh-machines-2.34-150100.10.14.1 pdsh-machines-debuginfo-2.34-150100.10.14.1 pdsh-netgroup-2.34-150100.10.14.1 pdsh-netgroup-debuginfo-2.34-150100.10.14.1 pdsh-slurm-2.34-150100.10.14.1 pdsh-slurm-debuginfo-2.34-150100.10.14.1 pdsh-slurm_20_02-2.34-150100.10.14.1 pdsh-slurm_20_02-debuginfo-2.34-150100.10.14.1 pdsh-slurm_22_05-2.34-150100.10.14.1 pdsh-slurm_22_05-debuginfo-2.34-150100.10.14.1 pdsh_slurm_20_02-debugsource-2.34-150100.10.14.1 pdsh_slurm_22_05-debugsource-2.34-150100.10.14.1 perl-slurm_22_05-22.05.5-150100.3.3.1 perl-slurm_22_05-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-22.05.5-150100.3.3.1 slurm_22_05-auth-none-22.05.5-150100.3.3.1 slurm_22_05-auth-none-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-debugsource-22.05.5-150100.3.3.1 slurm_22_05-devel-22.05.5-150100.3.3.1 slurm_22_05-lua-22.05.5-150100.3.3.1 slurm_22_05-lua-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-munge-22.05.5-150100.3.3.1 slurm_22_05-munge-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-node-22.05.5-150100.3.3.1 slurm_22_05-node-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-pam_slurm-22.05.5-150100.3.3.1 slurm_22_05-pam_slurm-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-plugins-22.05.5-150100.3.3.1 slurm_22_05-plugins-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-rest-22.05.5-150100.3.3.1 slurm_22_05-rest-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-slurmdbd-22.05.5-150100.3.3.1 slurm_22_05-slurmdbd-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-sql-22.05.5-150100.3.3.1 slurm_22_05-sql-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-sview-22.05.5-150100.3.3.1 slurm_22_05-sview-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-torque-22.05.5-150100.3.3.1 slurm_22_05-torque-debuginfo-22.05.5-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): slurm_22_05-config-22.05.5-150100.3.3.1 slurm_22_05-config-man-22.05.5-150100.3.3.1 slurm_22_05-doc-22.05.5-150100.3.3.1 slurm_22_05-webdoc-22.05.5-150100.3.3.1 - SUSE Linux Enterprise High Performance 
Computing 15-SP1-ESPOS (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150100.3.3.1 libnss_slurm2_22_05-debuginfo-22.05.5-150100.3.3.1 libpmi0_22_05-22.05.5-150100.3.3.1 libpmi0_22_05-debuginfo-22.05.5-150100.3.3.1 libslurm38-22.05.5-150100.3.3.1 libslurm38-debuginfo-22.05.5-150100.3.3.1 pdsh-2.34-150100.10.14.1 pdsh-debuginfo-2.34-150100.10.14.1 pdsh-debugsource-2.34-150100.10.14.1 pdsh-dshgroup-2.34-150100.10.14.1 pdsh-dshgroup-debuginfo-2.34-150100.10.14.1 pdsh-genders-2.34-150100.10.14.1 pdsh-genders-debuginfo-2.34-150100.10.14.1 pdsh-machines-2.34-150100.10.14.1 pdsh-machines-debuginfo-2.34-150100.10.14.1 pdsh-netgroup-2.34-150100.10.14.1 pdsh-netgroup-debuginfo-2.34-150100.10.14.1 pdsh-slurm-2.34-150100.10.14.1 pdsh-slurm-debuginfo-2.34-150100.10.14.1 pdsh-slurm_20_02-2.34-150100.10.14.1 pdsh-slurm_20_02-debuginfo-2.34-150100.10.14.1 pdsh-slurm_22_05-2.34-150100.10.14.1 pdsh-slurm_22_05-debuginfo-2.34-150100.10.14.1 pdsh_slurm_20_02-debugsource-2.34-150100.10.14.1 pdsh_slurm_22_05-debugsource-2.34-150100.10.14.1 perl-slurm_22_05-22.05.5-150100.3.3.1 perl-slurm_22_05-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-22.05.5-150100.3.3.1 slurm_22_05-auth-none-22.05.5-150100.3.3.1 slurm_22_05-auth-none-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-debugsource-22.05.5-150100.3.3.1 slurm_22_05-devel-22.05.5-150100.3.3.1 slurm_22_05-lua-22.05.5-150100.3.3.1 slurm_22_05-lua-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-munge-22.05.5-150100.3.3.1 slurm_22_05-munge-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-node-22.05.5-150100.3.3.1 slurm_22_05-node-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-openlava-22.05.5-150100.3.3.1 slurm_22_05-pam_slurm-22.05.5-150100.3.3.1 slurm_22_05-pam_slurm-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-plugins-22.05.5-150100.3.3.1 slurm_22_05-plugins-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-rest-22.05.5-150100.3.3.1 slurm_22_05-rest-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-slurmdbd-22.05.5-150100.3.3.1 
slurm_22_05-slurmdbd-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-sql-22.05.5-150100.3.3.1 slurm_22_05-sql-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-sview-22.05.5-150100.3.3.1 slurm_22_05-sview-debuginfo-22.05.5-150100.3.3.1 slurm_22_05-torque-22.05.5-150100.3.3.1 slurm_22_05-torque-debuginfo-22.05.5-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): slurm_22_05-config-22.05.5-150100.3.3.1 slurm_22_05-config-man-22.05.5-150100.3.3.1 slurm_22_05-doc-22.05.5-150100.3.3.1 slurm_22_05-webdoc-22.05.5-150100.3.3.1 References: From sle-updates at lists.suse.com Wed Nov 30 17:20:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 18:20:02 +0100 (CET) Subject: SUSE-RU-2022:4299-1: moderate: Recommended update for dconf Message-ID: <20221130172002.12A49FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for dconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4299-1 Rating: moderate References: #1203344 #971074 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dconf fixes the following issues: - Re-enable fix for `dconf update` to restore correct permissions on db files (bsc#971074, bsc#1203344) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4299=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4299=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4299=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dconf-0.40.0-150400.3.3.2 dconf-debuginfo-0.40.0-150400.3.3.2 dconf-debugsource-0.40.0-150400.3.3.2 dconf-devel-0.40.0-150400.3.3.2 gsettings-backend-dconf-0.40.0-150400.3.3.2 gsettings-backend-dconf-debuginfo-0.40.0-150400.3.3.2 libdconf1-0.40.0-150400.3.3.2 libdconf1-debuginfo-0.40.0-150400.3.3.2 - openSUSE Leap 15.4 (x86_64): gsettings-backend-dconf-32bit-0.40.0-150400.3.3.2 gsettings-backend-dconf-32bit-debuginfo-0.40.0-150400.3.3.2 libdconf1-32bit-0.40.0-150400.3.3.2 libdconf1-32bit-debuginfo-0.40.0-150400.3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): dconf-debuginfo-0.40.0-150400.3.3.2 dconf-debugsource-0.40.0-150400.3.3.2 dconf-devel-0.40.0-150400.3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dconf-0.40.0-150400.3.3.2 dconf-debuginfo-0.40.0-150400.3.3.2 dconf-debugsource-0.40.0-150400.3.3.2 gsettings-backend-dconf-0.40.0-150400.3.3.2 gsettings-backend-dconf-debuginfo-0.40.0-150400.3.3.2 libdconf1-0.40.0-150400.3.3.2 libdconf1-debuginfo-0.40.0-150400.3.3.2 References: https://bugzilla.suse.com/1203344 https://bugzilla.suse.com/971074 From sle-updates at lists.suse.com Wed Nov 30 17:20:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 18:20:52 +0100 (CET) Subject: SUSE-RU-2022:4300-1: moderate: Recommended update for nodejs16 Message-ID: <20221130172052.C43CBFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs16 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4300-1 Rating: moderate References: #1205568 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nodejs16 fixes the following issues: - This fixes a bug during unpacking the nodejs16 source rpm (bsc#1205568) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4300=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs16-16.18.1-8.21.1 nodejs16-debuginfo-16.18.1-8.21.1 nodejs16-debugsource-16.18.1-8.21.1 nodejs16-devel-16.18.1-8.21.1 npm16-16.18.1-8.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs16-docs-16.18.1-8.21.1 References: https://bugzilla.suse.com/1205568 From sle-updates at lists.suse.com Wed Nov 30 20:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Nov 2022 21:18:54 +0100 (CET) Subject: SUSE-SU-2022:1758-2: Security update for glib2 Message-ID: <20221130201854.1EAA9FD2D@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1758-2 Rating: low References: #1183533 Cross-References: CVE-2021-28153 CVSS scores: CVE-2021-28153 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-28153 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1758=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1758=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1758=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1758=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1758=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): glib2-lang-2.48.2-12.28.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): glib2-debugsource-2.48.2-12.28.1 glib2-tools-2.48.2-12.28.1 glib2-tools-debuginfo-2.48.2-12.28.1 libgio-2_0-0-2.48.2-12.28.1 libgio-2_0-0-32bit-2.48.2-12.28.1 libgio-2_0-0-debuginfo-2.48.2-12.28.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libglib-2_0-0-2.48.2-12.28.1 libglib-2_0-0-32bit-2.48.2-12.28.1 libglib-2_0-0-debuginfo-2.48.2-12.28.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgmodule-2_0-0-2.48.2-12.28.1 libgmodule-2_0-0-32bit-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgobject-2_0-0-2.48.2-12.28.1 libgobject-2_0-0-32bit-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgthread-2_0-0-2.48.2-12.28.1 libgthread-2_0-0-32bit-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.28.1 - SUSE OpenStack Cloud 9 (x86_64): glib2-debugsource-2.48.2-12.28.1 glib2-tools-2.48.2-12.28.1 glib2-tools-debuginfo-2.48.2-12.28.1 libgio-2_0-0-2.48.2-12.28.1 libgio-2_0-0-32bit-2.48.2-12.28.1 libgio-2_0-0-debuginfo-2.48.2-12.28.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libglib-2_0-0-2.48.2-12.28.1 libglib-2_0-0-32bit-2.48.2-12.28.1 libglib-2_0-0-debuginfo-2.48.2-12.28.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgmodule-2_0-0-2.48.2-12.28.1 
libgmodule-2_0-0-32bit-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgobject-2_0-0-2.48.2-12.28.1 libgobject-2_0-0-32bit-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgthread-2_0-0-2.48.2-12.28.1 libgthread-2_0-0-32bit-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.28.1 - SUSE OpenStack Cloud 9 (noarch): glib2-lang-2.48.2-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): glib2-debugsource-2.48.2-12.28.1 glib2-tools-2.48.2-12.28.1 glib2-tools-debuginfo-2.48.2-12.28.1 libgio-2_0-0-2.48.2-12.28.1 libgio-2_0-0-debuginfo-2.48.2-12.28.1 libglib-2_0-0-2.48.2-12.28.1 libglib-2_0-0-debuginfo-2.48.2-12.28.1 libgmodule-2_0-0-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-2.48.2-12.28.1 libgobject-2_0-0-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-2.48.2-12.28.1 libgthread-2_0-0-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-2.48.2-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): glib2-lang-2.48.2-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libgio-2_0-0-32bit-2.48.2-12.28.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libglib-2_0-0-32bit-2.48.2-12.28.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgmodule-2_0-0-32bit-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgobject-2_0-0-32bit-2.48.2-12.28.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.28.1 libgthread-2_0-0-32bit-2.48.2-12.28.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.28.1 glib2-tools-2.48.2-12.28.1 glib2-tools-debuginfo-2.48.2-12.28.1 libgio-2_0-0-2.48.2-12.28.1 libgio-2_0-0-debuginfo-2.48.2-12.28.1 libglib-2_0-0-2.48.2-12.28.1 libglib-2_0-0-debuginfo-2.48.2-12.28.1 libgmodule-2_0-0-2.48.2-12.28.1 libgmodule-2_0-0-debuginfo-2.48.2-12.28.1 libgobject-2_0-0-2.48.2-12.28.1 
      libgobject-2_0-0-debuginfo-2.48.2-12.28.1
      libgthread-2_0-0-2.48.2-12.28.1
      libgthread-2_0-0-debuginfo-2.48.2-12.28.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libgio-2_0-0-32bit-2.48.2-12.28.1
      libgio-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libglib-2_0-0-32bit-2.48.2-12.28.1
      libglib-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgmodule-2_0-0-32bit-2.48.2-12.28.1
      libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgobject-2_0-0-32bit-2.48.2-12.28.1
      libgobject-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgthread-2_0-0-32bit-2.48.2-12.28.1
      libgthread-2_0-0-debuginfo-32bit-2.48.2-12.28.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      glib2-lang-2.48.2-12.28.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      glib2-lang-2.48.2-12.28.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      glib2-debugsource-2.48.2-12.28.1
      glib2-tools-2.48.2-12.28.1
      glib2-tools-debuginfo-2.48.2-12.28.1
      libgio-2_0-0-2.48.2-12.28.1
      libgio-2_0-0-32bit-2.48.2-12.28.1
      libgio-2_0-0-debuginfo-2.48.2-12.28.1
      libgio-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libglib-2_0-0-2.48.2-12.28.1
      libglib-2_0-0-32bit-2.48.2-12.28.1
      libglib-2_0-0-debuginfo-2.48.2-12.28.1
      libglib-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgmodule-2_0-0-2.48.2-12.28.1
      libgmodule-2_0-0-32bit-2.48.2-12.28.1
      libgmodule-2_0-0-debuginfo-2.48.2-12.28.1
      libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgobject-2_0-0-2.48.2-12.28.1
      libgobject-2_0-0-32bit-2.48.2-12.28.1
      libgobject-2_0-0-debuginfo-2.48.2-12.28.1
      libgobject-2_0-0-debuginfo-32bit-2.48.2-12.28.1
      libgthread-2_0-0-2.48.2-12.28.1
      libgthread-2_0-0-32bit-2.48.2-12.28.1
      libgthread-2_0-0-debuginfo-2.48.2-12.28.1
      libgthread-2_0-0-debuginfo-32bit-2.48.2-12.28.1

References:

   https://www.suse.com/security/cve/CVE-2021-28153.html
   https://bugzilla.suse.com/1183533

From sle-updates at lists.suse.com Wed Nov 30 20:19:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Nov 2022 21:19:40 +0100 (CET)
Subject: SUSE-RU-2022:3389-2: moderate: Recommended update for libgcrypt
Message-ID: <20221130201940.DBC83FD2D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3389-2
Rating:             moderate
References:         #1200095
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libgcrypt fixes the following issues:

   - FIPS: Auto-initialize drbg if needed. (bsc#1200095)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3389=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3389=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3389=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3389=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3389=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3389=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

   - SUSE OpenStack Cloud 9 (x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libgcrypt-debugsource-1.6.1-16.83.1
      libgcrypt20-1.6.1-16.83.1
      libgcrypt20-32bit-1.6.1-16.83.1
      libgcrypt20-debuginfo-1.6.1-16.83.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.83.1
      libgcrypt20-hmac-1.6.1-16.83.1
      libgcrypt20-hmac-32bit-1.6.1-16.83.1

References:

   https://bugzilla.suse.com/1200095

From sle-updates at lists.suse.com Wed Nov 30 20:20:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Nov 2022 21:20:25 +0100 (CET)
Subject: SUSE-SU-2022:3942-2: moderate: Security update for glibc
Message-ID: <20221130202025.DEAEAFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3942-2
Rating:             moderate
References:         #1193625 #1196852
Cross-References:   CVE-2015-8985
CVSS scores:
                    CVE-2015-8985 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2015-8985 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for glibc fixes the following issues:

   - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing
     a malformed regexp (bsc#1193625)

   - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852)
   - Recognize ppc64p7 arch to build for power7

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3942=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3942=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3942=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3942=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      glibc-2.22-114.22.1
      glibc-32bit-2.22-114.22.1
      glibc-debuginfo-2.22-114.22.1
      glibc-debuginfo-32bit-2.22-114.22.1
      glibc-debugsource-2.22-114.22.1
      glibc-devel-2.22-114.22.1
      glibc-devel-32bit-2.22-114.22.1
      glibc-devel-debuginfo-2.22-114.22.1
      glibc-devel-debuginfo-32bit-2.22-114.22.1
      glibc-locale-2.22-114.22.1
      glibc-locale-32bit-2.22-114.22.1
      glibc-locale-debuginfo-2.22-114.22.1
      glibc-locale-debuginfo-32bit-2.22-114.22.1
      glibc-profile-2.22-114.22.1
      glibc-profile-32bit-2.22-114.22.1
      nscd-2.22-114.22.1
      nscd-debuginfo-2.22-114.22.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      glibc-html-2.22-114.22.1
      glibc-i18ndata-2.22-114.22.1
      glibc-info-2.22-114.22.1

   - SUSE OpenStack Cloud 9 (noarch):

      glibc-html-2.22-114.22.1
      glibc-i18ndata-2.22-114.22.1
      glibc-info-2.22-114.22.1

   - SUSE OpenStack Cloud 9 (x86_64):

      glibc-2.22-114.22.1
      glibc-32bit-2.22-114.22.1
      glibc-debuginfo-2.22-114.22.1
      glibc-debuginfo-32bit-2.22-114.22.1
      glibc-debugsource-2.22-114.22.1
      glibc-devel-2.22-114.22.1
      glibc-devel-32bit-2.22-114.22.1
      glibc-devel-debuginfo-2.22-114.22.1
      glibc-devel-debuginfo-32bit-2.22-114.22.1
      glibc-locale-2.22-114.22.1
      glibc-locale-32bit-2.22-114.22.1
      glibc-locale-debuginfo-2.22-114.22.1
      glibc-locale-debuginfo-32bit-2.22-114.22.1
      glibc-profile-2.22-114.22.1
      glibc-profile-32bit-2.22-114.22.1
      nscd-2.22-114.22.1
      nscd-debuginfo-2.22-114.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      glibc-2.22-114.22.1
      glibc-debuginfo-2.22-114.22.1
      glibc-debugsource-2.22-114.22.1
      glibc-devel-2.22-114.22.1
      glibc-devel-debuginfo-2.22-114.22.1
      glibc-locale-2.22-114.22.1
      glibc-locale-debuginfo-2.22-114.22.1
      glibc-profile-2.22-114.22.1
      nscd-2.22-114.22.1
      nscd-debuginfo-2.22-114.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      glibc-html-2.22-114.22.1
      glibc-i18ndata-2.22-114.22.1
      glibc-info-2.22-114.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      glibc-32bit-2.22-114.22.1
      glibc-debuginfo-32bit-2.22-114.22.1
      glibc-devel-32bit-2.22-114.22.1
      glibc-devel-debuginfo-32bit-2.22-114.22.1
      glibc-locale-32bit-2.22-114.22.1
      glibc-locale-debuginfo-32bit-2.22-114.22.1
      glibc-profile-32bit-2.22-114.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      glibc-2.22-114.22.1
      glibc-debuginfo-2.22-114.22.1
      glibc-debugsource-2.22-114.22.1
      glibc-devel-2.22-114.22.1
      glibc-devel-debuginfo-2.22-114.22.1
      glibc-locale-2.22-114.22.1
      glibc-locale-debuginfo-2.22-114.22.1
      glibc-profile-2.22-114.22.1
      nscd-2.22-114.22.1
      nscd-debuginfo-2.22-114.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      glibc-32bit-2.22-114.22.1
      glibc-debuginfo-32bit-2.22-114.22.1
      glibc-devel-32bit-2.22-114.22.1
      glibc-devel-debuginfo-32bit-2.22-114.22.1
      glibc-locale-32bit-2.22-114.22.1
      glibc-locale-debuginfo-32bit-2.22-114.22.1
      glibc-profile-32bit-2.22-114.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      glibc-html-2.22-114.22.1
      glibc-i18ndata-2.22-114.22.1
      glibc-info-2.22-114.22.1

References:

   https://www.suse.com/security/cve/CVE-2015-8985.html
   https://bugzilla.suse.com/1193625
   https://bugzilla.suse.com/1196852